Chapter 5. Configuring the FICON Director 63
14.Finally, to verify the setup, select the Switches tab in the Fabric Manager. This displays
the details of the switches in the fabric. Figure 5-13 shows the different settings.
Figure 5-13 Verify fabric settings
5.4 Merging fabrics with secure mode enabled
To merge fabrics, all switches must be in the same state regarding secure mode and must
have
identical security policies. Any switches that do not have matching security policies or
are in a different state regarding secure mode, will be segmented. For example, two fabrics
that have secure mode disabled can be merged, and two fabrics that have secure mode
enabled and matching security policies can be merged.
Running with secure mode enabled requires the use of one or more switches as the Fabric
Configuration Server (FCS). FCS switches in your FCS policy are "trusted" switches. The first
switch in the policy serves as the primary FCS (from which you can configure your fabric),
and each subsequent switch serves as a backup FCS. The order in which switches appear in
the policy represents the order in which each backup switch will take over primary FCS if the
preceding FCS fails. The primary FCS switch is a central point for distributing fabric
configuration information and management changes.
When fabrics are merged (see Figure 5-14 on page 64), the fabric that contains the desired
FCS switch list must have a non-zero security policy version stamp. All other fabrics merging
with that fabric must have a zero security policy version stamps. The security policies, zoning
configuration, password information, and SNMP communication strings are overwritten by the
fabric whose security policy version stamp is non-zero.
Note: An ISL (E_Port) of a switch, which is connected to a Secure Fabric, will be
segmented if the switch is not in the FCS switch list and SCC policy list. AnIncompatible
security data exchange” message will be reported for the E_Port in the event log.
Domain ID
IDID set
Secure Mode set
Security Certificate
64 Getting Started with the IBM 2109 M12 FICON Director
Figure 5-14 Adding a switch to an existing fabric
To add a switch or merge fabrics with secure mode enabled:
1. Verify that all switches have secure mode enabled, insistent domain ID (IDID) mode
enabled, and unique domain IDs.
2. Update the FCS policy list of the base fabric (existing fabric) with the WWN of the switch to
be merged:
In Fabric Manager, right-click the desired base fabric, and then select Security.
A summary opens showing the possible policies that can be set (see Figure 5-15 on
page 65). Select the FCS tab, and then click Add Others.
Add the WWN of the merging switch, and then click Add.
Activate the FCS policy list by clicking Activate, and then review the Security Policy
Review.
–Click Continue, and then click Yes to activate the FCS policy set
The SCC list will be automatically updated with the new WWN. Click Yes to active the
SCC policy set.
LP1-1 LP2-2 LP3-3
zSeries
Devices
IBM_2109_SW_SW62
Domain ID 98
Devices
Merging Fabric
Secure mode enabled
FCS and SCC policy
lists (SW61, SW62, SW63)
Insistent Domain ID
Zero version stamp
IBM_2109_SW_SW63
IBM_2109_SW_SW61
Domain ID 97
Domain ID 99
Secure mode enabled
FCS and SCC policy
lists (SW61, SW62, SW63)
Insistent Domain ID
Non-zero version stamp
Base Fabric
S
e
t
t
i
n
g
s
m
u
s
t
m
a
t
c
h
(
e
x
c
e
p
t
f
o
r
v
e
r
s
i
o
n
s
t
a
m
p
)
Chapter 5. Configuring the FICON Director 65
Figure 5-15 Adding a WWN to the FCS Switch List
3. Establish a secure Telnet session to the switch being merged with the base fabric using
the admin user. Enter the secmodeenable command.
4. When prompted to enter a WWN, domain ID, or switch name to build the FCS list, you
must enter the WWNs of all the switches present in the base fabric, as well as the merging
switch’s WWN. An example is shown in Figure 5-16.
Figure 5-16 Enabling secure mode and creating a new FCS list
Important: The primary switch’s WWN must be at the top of the FCS switch list. Make
sure the order in which you enter the WWNs of the switches matches that of the base
fabrics FCS policy list.

Get Getting Started with the IBM 2109 M12 FICON Director now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.