3–Managing Fabric Security
59266-01 B 3-3
Figure 3-1. Port Binding Dialog Box
Device Security
Device security provides for the authorization and authentication of devices that
you attach to a switch. You can configure a switch with a group of devices against
which the switch authorizes new attachments, whether by devices, by other switches,
or by devices issuing management server commands.
Device security is configured through the use of security sets and groups. A group
is a list of device World Wide Names that are authorized to attach to a switch.
There are three types of groups: one for other switches (ISL), another for devices
(Port), and a third for devices issuing management server commands (MS).
A security set is a set of up to three groups with no more than one of each group
type. The orphan security set contains the security groups and members that do
not belong to a security set. Activating a security set applies security to the switch
or fabric. Only one security set can be active at one time.
An active security set with an ISL group allows changes to the security set to
propagate to the other switches in the ISL group. ISL group WWN, domain ID, and
configuration information (except secrets) propagate to the other switches in the
ISL group so that all of the switches have the same security information. If fabric
binding is enabled on the ISL group, WWNs and domain IDs are verified against
the ISL group information before allowing a connection by another switch,
providing another level of security.
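The group and security set rules above, together with the fabric binding check, can be modeled as follows. This is an added example, not the switch firmware's code or its management interface: the class and function names, the colon-separated WWN notation, the sample WWNs, and the `None` result for a group type missing from the active set (a case the text does not cover) are all assumptions.

```python
import re
from dataclasses import dataclass, field

GROUP_TYPES = ("ISL", "Port", "MS")   # the three group types named in the text
WWN_RE = re.compile(r"[0-9a-f]{2}(:[0-9a-f]{2}){7}")  # assumed notation: 8 hex bytes

def norm_wwn(wwn):
    w = wwn.strip().lower()
    if not WWN_RE.fullmatch(w):
        raise ValueError(f"malformed WWN: {wwn!r}")
    return w

@dataclass
class Group:
    gtype: str
    fabric_binding: bool = False                 # only consulted for ISL groups
    members: dict = field(default_factory=dict)  # WWN -> domain ID (None if unused)

    def __post_init__(self):
        self.members = {norm_wwn(w): d for w, d in self.members.items()}

@dataclass
class SecuritySet:
    name: str
    groups: dict = field(default_factory=dict)   # group type -> Group, so at most 3

    def add_group(self, group):
        if group.gtype not in GROUP_TYPES:
            raise ValueError(f"unknown group type {group.gtype!r}")
        if group.gtype in self.groups:           # no more than one group of each type
            raise ValueError(f"{self.name} already has a {group.gtype} group")
        self.groups[group.gtype] = group

def authorize(active_set, gtype, wwn, domain_id=None):
    # True/False for a listed/unlisted WWN; None if the set has no group of this type.
    group = active_set.groups.get(gtype)
    if group is None:
        return None
    w = norm_wwn(wwn)
    if w not in group.members:
        return False
    if gtype == "ISL" and group.fabric_binding:  # fabric binding also checks domain ID
        return group.members[w] == domain_id
    return True

def build_sample_set():                          # constructed sample data
    sset = SecuritySet("sample_set")
    sset.add_group(Group("ISL", True, {"10:00:00:00:00:00:00:01": 1}))
    sset.add_group(Group("Port", False, {"21:00:00:00:00:00:00:0a": None}))
    return sset
```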