Enabling Hard Zoning - HP 5920 SERIES Fc And Fcoe Configuration Manual

In enhanced zoning mode, the merge control mode affects the result of a merge operation. Also, a merge
operation is allowed only when the merge control mode is the same on both participating switches.
Otherwise, the merge operation fails, and the link connecting the participating switches is isolated.
This feature is supported only in enhanced zoning mode. To ensure a consistent merge control mode
across the fabric, use the zone activate or zone distribute command after you configure a merge control
mode.
To configure a merge control mode:
Step
1. Enter system view.
2. Enter VSAN view.
3. Configure a merge control
mode.

Enabling hard zoning

Switches implement zone access control in one of the following methods:
Soft zoning—When a registered node queries the nodes in the current fabric through generic
•
service packets, the switch filters the nodes based on zone rules and returns only the nodes
matching the zone rules. Because soft zoning is an access control method used only when a node
accesses other nodes, it can restrict only the result of queries that a node initiates to switches, and
it cannot directly control the underlayer traffic. When a node performs traffic attacks against the
node that should be filtered by zone rules, soft zoning cannot perform access control for the node.
• Hard zoning—Hard zoning converts the zone configurations into lower-layer driver rules and
deploys the rules to the hardware to form hardware zone rules. Hardware zone rules ensure that the
traffic in the switch is forwarded strictly based on zone rules. This method is a strict control method.
The two methods can work separately and supplement each other. They work together to implement
node access control based on the zone configurations.
Hard zoning takes effect only when the hardware resources are sufficient for deploying zone rules. Soft
zoning is always in effect. When the underlayer resources are not sufficient for deploying the hardware
zone rules of the current VSAN, the system clears all deployed hardware zone rules in order to keep the
integrity of rules, and the system automatically disables hard zoning. In this case, only soft zoning is in
effect.
To improve the security for a VSAN, you can enable hard zoning for the VSAN. When soft zoning is
enough for meeting the access control requirements of a VSAN, you can disable hard zoning for the
VSAN to save the hardware entry resources.
After hard zoning is enabled for a VSAN, the system triggers deploying all zone rules of the VSAN. After
hard zoning is disabled for a VSAN, the system clears the hardware zone rules already deployed for the
VSAN and stops deploying new zone rules for the VSAN.
In enhanced zoning mode, zone distribution distributes hard zoning status with other zone data. In basic
zoning mode, you must manually configure hard zoning to ensure consistency across the fabric.
Command
system-view
vsan vsan-id
•
Configure the merge control
mode as Restrict:
zone merge-control restrict
•
Configure the merge control
mode as Allow:
undo zone merge-control restrict
111
Remarks
N/A
N/A
The default merge control mode is
Allow.