Mainframe & FICON

Reply
Highlighted
Occasional Contributor
Posts: 16
Registered: ‎06-25-2015
Accepted Solution

How to recover a disabled port after a SW Security Violation issue?

hello community,

 

a couple of days ago, an unexperienced person connected an unauthorized switch in another switch and it causes an error reported as "SW Security Violation - SCC Policy Violation, Peer WWN not in ACL list". Now, I am not able to put this port as enabled again. I select the port and the "enable" option, but after confirm the process, it remains in disable mode.

 

Does anybody know how to reset/remove this error and enable this port with no impact for this switch that have a plenty of ports in use?

 

Regards,

 

Cmagno

Valued Contributor
Posts: 531
Registered: ‎03-20-2011

Re: How to recover a disabled port after a SW Security Violation issue?

[ Edited ]

never had a chance to recover from this state, but usually, auto-disabled port needs to be manually disabled and enabled using either portdisable/portenable or portcfgpersistentdisable/portcfgpersistentenable

Occasional Contributor
Posts: 16
Registered: ‎06-25-2015

Re: How to recover a disabled port after a SW Security Violation issue?

When I open the Web Tools, in the "Logical Switch" box, I have three options there: 128-SW.AB, 40-PPRC-SWAB and 11-SW.AB.Logical. Only when I chose 11-SW.AB.Logical, I can see the ports that I need to work. The enable/disable doesn't work there, then I am trying to use the TELNET option.

When I open the TELNET for the IP address, the TELNET reports that I am using the 128-SW.AB and there I do not have those ports where the error exist. As all three options above uses the same IP address, how to jump from the 128-SW.AB to 11-SW.AB.Logical and perform some commands?

 

Regards,

Cmagno

Valued Contributor
Posts: 531
Registered: ‎03-20-2011

Re: How to recover a disabled port after a SW Security Violation issue?

so you need to enter "setcontext 11"
Occasional Contributor
Posts: 16
Registered: ‎06-25-2015

Re: How to recover a disabled port after a SW Security Violation issue?

The setcontext works fine, thanks, but unfortunately the problem with the port disable was not fixed.


Look those steps that I did

SW.AB:FID128:admin> setcontext 11

 

SW_AB.Logical:FID11:admin> portcfgpersistentenable 1/13
portCfgPersistent commands not allowed in fmsmode

 

SW_AB.Logical:FID11:admin> portenable 1/13
Warning! You are about to change FICON Director parameters. Do you want to continue? (yes, y, no, n): [no] y

 

SW_AB.Logical:FID11:admin> portshow 1/13
portIndex:  13
portName:
portHealth: OFFLINE

Authentication: None
portDisableReason: SW Security Violation - SCC Policy Violation, Peer WWN not in ACL list
portCFlags: 0x1
portFlags: 0x4021     PRESENT U_PORT DISABLED LED
LocalSwcFlags: 0x0
portType:  17.0
portState: 2    Offline  
Protocol: FC
portPhys:  4    No_Light     portScn:   2    Offline   
port generation number:    404
state transition count:    3          

portId:    0b0d00
portIfId:    4312001d
portWwn:   20:0d:00:05:1e:ac:a2:01
portWwn of device(s) connected:

Distance:  normal
portSpeed: N8Gbps

Credit Recovery: Inactive
LE domain: 0
FC Fastwrite: OFF
Interrupts:        0          Link_failure: 0          Frjt:         0          
Unknown:           0          Loss_of_sync: 0          Fbsy:         0          
Lli:               3          Loss_of_sig:  0          
Proc_rqrd:         0          Protocol_err: 0          
Timed_out:         0          Invalid_word: 0          
Rx_flushed:        0          Invalid_crc:  0          
Tx_unavail:        0          Delim_err:    0          
Free_buffer:       0          Address_err:  0          
Overrun:           0          Lr_in:        0          
Suspended:         0          Lr_out:       0          
Parity_err:        0          Ols_in:       0          
2_parity_err:      0          Ols_out:      0          
CMI_bus_err:       0          

SW_AB.Logical:FID11:admin>

 

Thanks Alexey by your attention and help. Have you any other suggestion to fix this issue?

Regards,

 

Cmagno

Valued Contributor
Posts: 531
Registered: ‎03-20-2011

Re: How to recover a disabled port after a SW Security Violation issue?

I've just noticed this is FICON, which is not my area at all...

 

but anyway, please try doing portdisable first and only then proceed to portenable (which was my initial suggestion)

Occasional Contributor
Posts: 16
Registered: ‎06-25-2015

Re: How to recover a disabled port after a SW Security Violation issue?

Thanks Alexey you did a great help telling me how to jump between the logical switches.

Best regards,


Cmagno

Valued Contributor
Posts: 531
Registered: ‎03-20-2011

Re: How to recover a disabled port after a SW Security Violation issue?

That's great, but did you finally enable the port?
Occasional Contributor
Posts: 16
Registered: ‎06-25-2015

Re: How to recover a disabled port after a SW Security Violation issue?

Unfortunately it remains in disable. I am still doing a research about this error.

 

Thanks

Valued Contributor
Posts: 531
Registered: ‎03-20-2011

Re: How to recover a disabled port after a SW Security Violation issue?

Looks like you might need to disable the SCC policy in order to re-enable the unlucky port.

Join the Community

Get quick and easy access to valuable resource designed to help you manage your Brocade Network.