3–Managing Fabric SecurityDevice Security59266-01 B 3-3Figure 3-1. Port Binding Dialog BoxDevice SecurityDevice security provides for the authorization and authentication of devices thatyou attach to a switch. You can configure a switch with a group of devices againstwhich the switch authorizes new attachments by devices, other switches, ordevices issuing management server commands.Device security is configured through the use of security sets and groups. A groupis a list of device World Wide Names that are authorized to attach to a switch.There are three types of groups: one for other switches (ISL), another for devices(Port), and a third for devices issuing management server commands (MS).A security set is a set of up to three groups with no more than one of each grouptype. The orphan security set contains the security groups and members that donot belong to a security set. Activating a security set applies security to the switchor fabric. Only one security set can be active at one time.An active security set with an ISL group allows changes to the security set topropagate to the other switches in the ISL group. ISL group WWN, domain ID, andconfiguration information (except secrets) propagate to the other switches in theISL group so that all of the switches have the same security information. If fabricbinding is enabled on the ISL group, WWNs and domain IDs are verified againstthe ISL group information before allowing a connection by another switch,providing another level of security.
