Brocade Secure Fabric OS Administrator's Guide (53-1000244-01, November 2006)

Secure Fabric OS Administrator’s Guide 3-3
Publication Number: 53-1000244-01
3
The secModeEnable command performs the following actions:
Creates and activates the FCS policy.
Distributes the policy set (initially consisting of only the FCS policy) to all switches in the fabric.
Activates and distributes the local zoning configurations.
Fastboots any switches needing a reboot to bring the fabric up in secure mode. (Switches running
Fabric OS v3.2.x, v4.4.x, v5.0.1, v5.1.0, and v5.2.0 are not rebooted when secure mode is enabled.)
By default, the only policy created is the FCS policy. This policy is implemented; no other Secure
Fabric OS-related changes occur to the fabric. Other Secure Fabric OS policies can be created after the
fastboots are complete.
Run secModeEnable from a Fabric OS v2.6.1, v3.1.x, v4.1.x, and v4.2.x switch to distribute all default
account passwords to all other switches in the fabric. In addition, Fabric OS v3.2.0, v4.4.0, v5.0.1,
v5.1.0, and v5.2.0 switches back up existing MUAs and remove them from the existing password
database.
Run secModeEnable from a Fabric OS v3.2.0, v4.4.0, v5.0.1, or v5.1.0 switch to distribute all default
account passwords and MUA information to all other Fabric OS v3.2.0, v4.4.0, v5.0.1, v5.1.0, and
v5.2.0 switches in the fabric. Fabric OS v3.2.0, v4.4.0, v5.0.1, v5.1.0, and v5.2.0 switches back up their
own existing MUAs and remove them from the existing password database. Fabric OS versions 2.6.1,
3.1.x, 4.1.x, and 4.2.x switches receives the default account distribution only.
Fabric OS v3.2.x, v4.4.x, v5.0.1 v5.1.0, and v5.2.0 provide two secModeEnable options. The default
option prompts for new passwords for all default accounts and leaves the MUA passwords unchanged
before distribution to other switches in the fabric. The other option, --currentpwd, suppresses the
prompt for new default account passwords. The existing default account passwords and MUA
passwords on the primary FCS switch are distributed to the rest of the fabric. The command backs up
and deletes all MUAs on a receiving switch that are different from the ones on the primary FCS switch.
Depending on whether optional arguments are specified or not, the command also might request new
passwords for secure mode.
ote
Run secFabricShow to verify that all switches in the fabric are in a “Ready” state before
running any commands that change security policies, passwords, or SNMP.
C
aution
Placing the two switches of a two-domain SilkWorm 24000 in separate fabrics is not supported if secure
mode is enabled on one or both switches.