Fabric Binding Configuration; Port Security Versus Fabric Binding - Cisco DS-X9530-SF1-K9 - Supervisor-1 Module - Control Processor Configuration Manual

Chapter 24 Configuring FICON
S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m .

Fabric Binding Configuration

The fabric binding feature ensures ISLs are only enabled between specified switches in the fabric
binding configuration. Fabric binding is configured on a per-VSAN basis and can only be implemented
in FICON VSANs. You can still perform fabric binding configuration in a non-FICON VSAN—these
configurations will only come into effect after FICON is enabled.
This feature helps prevent unauthorized switches from joining the fabric or disrupting current fabric
operations. It uses the Exchange Fabric Membership Data (EFMD) protocol in FICON networks to
ensure that the list of authorized switches is identical in all switches in the fabric.
This section has the following topics:
•
•
•
•
•
•
•
•
•

Port Security Versus Fabric Binding

Port security and fabric binding are two independent features that can be configured to complement each
other (see
Table 24-3
Fabric Binding
Uses a set of sWWN and a persistent Domain ID. Uses pWWNs/nWWNs or fWWNs/switch WWNs.
Binds the fabric at the switch level.
Authorizes only the configured sWWN stored in
the fabric binding database to participate in the
fabric.
Activation is required on a per VSAN basis.
User defines specific switches that are allowed to
connect to the fabric, regardless of the physical
port to which the peer switch is connected.
Does not learn logging in switches.
OL-6973-03, Cisco MDS SAN-OS Release 2.x
"Port Security Versus Fabric Binding" section on page 24-37
"Fabric Binding Enforcement" section on page 24-38
"Fabric Binding Initiation" section on page 24-38
"Switch WWN List Configuration" section on page 24-39
"Fabric Binding Activation" section on page 24-39
"Saving Fabric Binding Configurations" section on page 24-40
"Clearing the Fabric Binding Statistics" section on page 24-41
"Deleting the Fabric Binding Database" section on page 24-41
"Verifying Fabric Binding Configurations" section on page 24-42
Table 24-3).
Fabric Binding and Port Security Comparison
Port Security
Binds devices at the interface level.
Allows a preconfigured set of Fibre Channel
devices to logically connect to a SAN port(s). The
switchport, identified by a WWN or interface
number, connects to a Fibre Channel device (a host
or another switch), also identified by a WWN. By
binding these two devices, you lock these two ports
into a group (list).
Activation is required on a per VSAN basis.
User specifies the specific physical port(s) to which
another device can connect.
Learns about switches or devices if in learning
mode.
Cisco MDS 9000 Family Configuration Guide
Fabric Binding Configuration
24-37