Zoning

- Controls which Initiators can talk to which Targets
- Similar to an ACL in the LAN/WAN world
- Zoning is required, not optional
- Default zone policy is deny
  - Can be changed to permit with:
      zone default-zone permit vsan 1
      system default zone

Soft vs. Hard Zoning

- Soft (on by default)
  - Initiator registers with the FCNS to get zoning
  - Zoning is enforced in the control plane, not the data plane
  - Initiator could manually mount the wrong Target
  - Changes have to be applied to the fabric manually with zoneset distribute vsan 1
- Hard (always want to run this mode)
  - Initiator registers with the FCNS to get zoning
  - Zoning is enforced in the control plane and the data plane
  - Initiator cannot manually mount the wrong Target
  - The zoning is shared across the fabric in this mode
  - NX-OS / SAN-OS run Hard Zoning by default

Inside Zoning

- Zone vs. Zoneset
  - A Zone creates a mapping between pWWNs/WWPNs, FCIDs, Aliases, Interfaces, Domain-IDs, etc.
  - Zones are grouped together in a Zoneset
  - I.e. the Zoneset is the ACL, the Zone is the ACE (access list entry)
  - The Zoneset is applied to the VSAN and then activated
    - Makes the "Full" Zoneset become the "Active" Zoneset
  - Zonesets must be re-activated after each change!
- Full vs. Active Zoneset
  - Only one Zoneset per VSAN can be "Active" in the fabric at a time
    - Same logic as one ACL per interface per direction
  - The Full Zoneset is the one in the configuration
  - The Active Zoneset is the one being enforced in the fabric
  - By default only the Active Zoneset is advertised, not the Full Zoneset
    - Can result in misconfigured or "Isolated" fabrics

Zoning Configuration and Verification

- show zone status vsan 1
  - Displays the zone mode and default action (permit or deny)
- show zone
  - Displays full zone info
- show zone active
  - Displays the currently active zones
- show zoneset active
  - Displays the currently active zoneset
- clear zone database vsan 1
  - Deletes the local full zone but not the active one (will receive the Active Zoneset from another FC switch)
- zoneset distribute full vsan 1
  - In global config; enables full distribution when a new E port comes up
- zoneset distribute vsan 1
  - In exec mode; forces the distribution of the full zoneset

1.) Server 2 FC0 sends a FLOGI to N5K1 to receive an FCID
2.) The FCID is registered with the FCNS database, which is forwarded fabric wide
3.) If you issue "zone default-zone permit vsan 10" on N5K1 and MDS1, Server 2's FC0 interface is allowed to see all disks on JBOD1 via Basic Zoning

Server 2 can see all 16 disks.

Zoning for only particular Disks in JBOD

1.) Server 3 FC0 sends a FLOGI to N5K1 and receives an FCID
2.) The FCID for Server 3 is registered with the FCNS throughout the fabric
3.) On MDS2 look at show flogi database vsan 30 to see the pWWN of DISK 1
4.) On MDS2 look at show fcns database vsan 30 to see the initiator pWWN for Server 3
    - The pWWN for Server 3 is 21:00:00:1b:32:0b:2f:61
5.) Now that you have the pWWN for both the initiator and the target, you can create the zone on MDS2

    conf t
    zone name SERVER3_TO_JBOD2_PORT2_DISK0 vsan 30
    ! prompt changes to (config-zone)
    member pwwn 22:00:00:11:c6:58:83:2C
    member pwwn 21:00:00:1b:32:0b:2f:61

6.) Now you need to create a ZoneSet

    conf t
    zoneset name VSAN30 vsan 30
    ! prompt changes to (config-zoneset)
    member SERVER3_TO_JBOD2_PORT2_DISK0
    show run zone
    conf t
    zoneset activate name VSAN30 vsan 30
    show zone status vsan 30
    ! the active zoneset has one zone
    show zone active

You'll see the same output on MDS1 and N5K1 as well.
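
A consistency check over zoning commands in the form used above, as an added example that is not part of the original notes: it flags a permit default-zone policy, malformed pWWNs, zones that are in no zoneset (and so are never enforced), and zonesets that are defined but never activated. The names audit() and SAMPLE are hypothetical, and the sample input is constructed from the VSAN 30 commands on this page plus deliberately faulty lines.

```python
import re

PWWN = re.compile(r"^([0-9a-f]{2}:){7}[0-9a-f]{2}$", re.I)
# Constructed input: the page's VSAN 30 commands plus a default-zone permit and
# a faulty orphan zone. audit() and SAMPLE are hypothetical names, not NX-OS.
SAMPLE = """\
zone default-zone permit vsan 10
zone name SERVER3_TO_JBOD2_PORT2_DISK0 vsan 30
  member pwwn 22:00:00:11:c6:58:83:2C
  member pwwn 21:00:00:1b:32:0b:2f:61
zone name ORPHAN_ZONE vsan 30
  member pwwn 21:00:00:1b:32:0b:2f:6
zoneset name VSAN30 vsan 30
  member SERVER3_TO_JBOD2_PORT2_DISK0
zoneset activate name VSAN30 vsan 30
"""

def audit(config):
    zones, zonesets, activated, findings = {}, {}, set(), []
    current = None  # list that subsequent "member" lines are appended to
    for line in config.splitlines():
        tok = line.split()
        if tok[:3] == ["zone", "default-zone", "permit"] and len(tok) == 5:
            findings.append(f"vsan {tok[4]}: default-zone is permit")
        elif tok[:2] == ["zone", "name"] and len(tok) == 5:
            current = zones.setdefault((tok[2], tok[4]), [])
        elif tok[:2] == ["zoneset", "name"] and len(tok) == 5:
            current = zonesets.setdefault((tok[2], tok[4]), [])
        elif tok[:3] == ["zoneset", "activate", "name"] and len(tok) == 6:
            activated.add((tok[3], tok[5]))
        elif tok[:1] == ["member"] and len(tok) > 1 and current is not None:
            current.append(tok[-1])
            if tok[1] == "pwwn" and not PWWN.match(tok[-1]):
                findings.append(f"malformed pwwn {tok[-1]}")
    for (name, vsan), members in zonesets.items():
        if (name, vsan) not in activated:
            findings.append(f"vsan {vsan}: zoneset {name} never activated")
        for z in members:
            if (z, vsan) not in zones:
                findings.append(f"vsan {vsan}: {name} references undefined zone {z}")
    for (name, vsan), members in zones.items():
        if not any(name in m for (_, v), m in zonesets.items() if v == vsan):
            findings.append(f"vsan {vsan}: zone {name} is in no zoneset")
        if len(members) < 2:
            findings.append(f"vsan {vsan}: zone {name} has fewer than two members")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE)))
```

The check only compares the command text with itself; what the fabric is actually enforcing still has to be confirmed with show zoneset active.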