Fibre Channel (SAN)

SFOS-to-FOS 5.3.0 Conversion

by venkatesh.r4 on ‎09-21-2007 01:00 AM - edited on ‎10-30-2013 01:01 PM by bcm1 (257 Views)

DETAILED DESCRIPTION  

Brocade Secure Fabric OS (SFOS) introduced the notion of a secure mode in the fabric. Secure mode provides mandatory enforcement of a set of security mechanisms considered desirable for fabric-wide properties, such as SCC policies, and for fabric-wide password distribution in environments that do not use RADIUS Authentication, Authorization, and Accounting (AAA) service. 
However, Secure Fabric OS advanced security features have now been added to standard Fabric OS (complete in Fabric OS 5.3.0) with a more flexible implementation than fabric-wide enforcement and the following characteristics: More granular, explicit control over the switch and fabric-wide configuration changes to a fabric 
A fabric-wide distribution enforcement mechanism that accommodates mixed Fabric OS version environments in which updates to a fabric can be performed incrementally 

To migrate security from SFOS to standard FOS, you can upload a configuration file from the primary FCS switch in a secure fabric, use this script to delete policies that are unnecessary for ACLs in Fabric OS 5.3.0, and then download the file. 

REQUIREMENTS 

Operating System Not Applicable 

Interface Not Applicable 

Fabric Operating System Fabric OS v5.3.0 

Other None 

 

NOTES (INCLUDING LIMITATIONS) 

In order to migrate to use the security features in standard Fabric OS, you must have Fabric OS 5.3.0 installed in the fabric VLAN (8021.q and ISL 802.1p). 

NOTE: Fabric OS 5.3.0 provides SCC and DCC policies stored in a local database; however, SCC and DCC policies in Secure Fabric OS and in Fabric OS are not interchangeable. If you have security enabled in the fabric via Secure Fabric OS, you must disable it before you can use the ACL policies in Fabric OS. 

For more about ACLs and Fabric OS, see "Configuring Advanced Security" in the Fabric OS Administrator's Guide for version 5.3.0. 

 

NOTE: This contribution was migrated by Brocade from the former Brocade Connect community on March 13, 2008, on behalf of the author.

Contributors