HP Cisco MDS 9216 - Fabric Switch Configuration Manual page 1322

Cisco MDS 9000 Family Fabric Manager Configuration Guide, Release 3.x (OL-8222-10, April 2008)

Appendix D
Managing Cisco FabricWare
Send documentation comments to mdsfeedback-doc@cisco.com
Zone Configuration
Zoning enables you to set up access control between storage devices or user groups. If you have
administrator privileges in your fabric, you can create zones to increase network security and to prevent
data loss or corruption. Zoning is enforced by examining the source-destination ID field. Cisco
FabricWare does not support QoS, broadcast, LUN, or read-only zones.
You can use the Fabric Manager zone configuration tool to manage zone sets, zones, and zone
membership for switches running Cisco FabricWare. Cisco FabricWare supports zone membership by
pWWN. See the "Configuring a Zone Using the Zone Configuration Tool" section on page 30-12.
Security
Cisco FabricWare supports the following security features:
- RADIUS
- SSH
- User-based roles
- IP access control lists
Cisco FabricWare can use the RADIUS protocol to communicate with remote AAA servers. RADIUS is
a distributed client/server protocol that secures networks against unauthorized access. In the Cisco
implementation, RADIUS clients run on Cisco MDS 9000 Family switches and send authentication
requests to a central RADIUS server that contains all user authentication and network service access
information.
You can access the CLI using the console (serial connection), Telnet, or Secure Shell (SSH). For each
management path (console or Telnet and SSH), you can configure one or more of the following security
control options: local, remote (RADIUS), or none.
Using these access methods, you can configure the roles that each authenticated user receives when they
access the switch. Cisco FabricWare supports two fixed roles: network administrator and network
operator.
IP access lists (IP-ACLs) control management traffic over IP by regulating the traffic types that are
allowed or denied to the switch. IP-ACLs can only be configured for the mgmt0 port.
Fabric Manager Server uses SNMPv1 and SNMPv2 to communicate with Cisco FabricWare.
Events
You can monitor fabric and switch status for Cisco FabricWare switches through either a syslog server
or an SNMP trap receiver.
The syslog, or system message logging software, saves messages in a log file or directs the messages to
other devices. This feature provides you with the following capabilities:
- Provides logging information for monitoring and troubleshooting
- Allows you to select the types of captured logging information
- Allows you to select the destination server to forward the captured logging information
Cisco MDS 9000 Family Fabric Manager Configuration Guide
D-2
OL-8007-10, Cisco MDS SAN-OS Release 3.x
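The Zone Configuration section above says that membership is defined by pWWN while enforcement examines the source-destination ID field. The following added example (not from the Cisco guide or from any Cisco software) models how a zone set resolves to permitted ID pairs and audits it for gaps. The WWNs, FC IDs, function names, the name-server mapping and the default-deny behaviour are assumptions made for illustration.

```python
# Illustrative model of pWWN zoning; not Cisco FabricWare or Fabric Manager code.
from itertools import permutations

# Constructed sample data: active zone set (zone name -> member pWWNs).
ZONE_SET = {
    "zone_db": {"21:00:00:e0:8b:00:00:01", "50:06:01:60:00:00:00:0a"},
    "zone_backup": {"21:00:00:e0:8b:00:00:02", "50:06:01:60:00:00:00:0a",
                    "50:06:01:60:00:00:00:0b"},
}
# Constructed name-server view (assumption): logged-in pWWN -> 24-bit FC ID.
NAME_SERVER = {
    "21:00:00:e0:8b:00:00:01": 0x010100,
    "21:00:00:e0:8b:00:00:02": 0x010200,
    "21:00:00:e0:8b:00:00:03": 0x010300,  # logged in, but in no zone
    "50:06:01:60:00:00:00:0a": 0x020100,
}

def permitted_pairs(zone_set, name_server):
    """Resolve pWWN membership to the (source ID, destination ID) pairs allowed."""
    pairs = set()
    for members in zone_set.values():
        fcids = [name_server[w] for w in members if w in name_server]
        pairs.update(permutations(fcids, 2))  # both directions within a zone
    return pairs

def frame_allowed(s_id, d_id, pairs):
    """Assumed default-deny: a frame passes only if both IDs share a zone."""
    return (s_id, d_id) in pairs

def audit(zone_set, name_server):
    """List zone members that are not logged in and logged-in ports in no zone."""
    zoned = set().union(*zone_set.values())
    present = set(name_server)
    return {
        "absent_members": sorted(zoned - present),
        "unzoned_ports": sorted(present - zoned),
    }

if __name__ == "__main__":
    pairs = permitted_pairs(ZONE_SET, NAME_SERVER)
    print("host 1 -> array port:", frame_allowed(0x010100, 0x020100, pairs))
    print("host 1 -> host 2:   ", frame_allowed(0x010100, 0x010200, pairs))
    print(audit(ZONE_SET, NAME_SERVER))
```

An absent member is worth reviewing because a device that later logs in with that pWWN gains the zone's access; an unzoned port is isolated under the assumed default-deny policy.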
