User Manual
Table Of Contents
- Contents
- About this guide
- Using McDATA Web Server/Element Manager
- Managing Fabrics
- Securing a fabric
- Security consistency checklist
- Connection security
- User account security
- Remote authentication
- Device security
- Edit Security dialog
- Create Security Set dialog
- Create Security Group dialog
- Create Security Group Member dialog
- Editing the security configuration on a switch
- Viewing properties of a security set, group, or member
- Security Config dialog
- Archiving a security configuration to a file
- Activating a security set
- Deactivating a security set
- Configured Security data window
- Active Security data window
- Fabric services
- Rediscovering a fabric
- Displaying the event browser
- Working with device information and nicknames
- Zoning a fabric
- Zoning concepts
- Managing the zoning database
- Managing the active zone set
- Managing zones
- Merging fabrics and zoning
- Securing a fabric
- Managing switches
- Managing user accounts
- Configuring RADIUS servers
- Displaying switch information
- Configuring port threshold alarms
- Paging a switch
- Setting the date/time and enabling NTP client
- Resetting a switch
- Configuring a switch
- Archiving a switch
- Switch binding
- Restoring a switch
- Restoring the factory default configuration
- Downloading a support file
- Installing Product Feature Enablement keys
- Installing firmware
- Displaying hardware status
- Managing ports
- Glossary
- Index
26
An empty (no members) security group in the active security set will prevent all connections for that security
group type. For example, an empty ISL security group will cause the switch to refuse all logins from other
switches. To add a security group to a security set:
1. Click Security on the tool bar in the faceplate display or select Security > Edit Security to open the Edit
Security dialog.
2. Choose one of the following methods to open the Create a Security Group dialog:
• Click a security set and click Security Group in the tool bar in the graphic window.
• Right-click on a security set and select Create a Security Group from the popup menu.
3. Enter a security group name and select a security group type (ISL, Port, or MS). Remember, only one
security group type (1 ISL, 1 Port, 1 MS) in each security set is allowed. The naming conventions for
security groups are:
• Must start with a letter
• All alphanumeric chars [aA—zZ] [0—9]
• The symbols $_ - and ^ are the only symbols allowed.
4. Click OK to save the change.
Create Security Group Member dialog
Use the Create Security Group Member dialog, shown in Figure 8, to add a member to a security group.
Choose options from the Group Member (or manually enter a hex value) and Authentication drop-down
lists, and enter values in the Secret and Binding (ISL groups only) fields.
Figure 8 Create a Security Group Member dialog
The conventions for ISL security group members are listed below:
• You can enter member World Wide Name (WWN), which must be 16 hex characters, or 23
characters with valid WWN format xx:xx:xx:xx:xx:xx:xx:xx.
• The authentication choices are None and CHAP (Challenge Handshake Authentication Protocol).
• The Secret field is disabled if authentication is set to None. If authentication is CHAP, the Secret field is
enabled. The secondary hash and secret are not supported when connecting to other McDATA
products.
• Generate is only enabled when authentication is set to CHAP.
• Valid binding entries are 97–127.