Fibre Channel Zoning-Based Access Control - Cisco MDS 9000 series Configuration Manual

Nx-os ip services multilayer switches

Hide thumbs Also See for MDS 9000 series:

Command reference manual (1464 pages)

Configuration manual (344 pages)

Troubleshooting manual (161 pages)

Table Of Contents

100

101

102

103

104

105

106

107

108

109

110

111

112

113

114

115

116

117

118

119

120

121

122

123

124

125

126

127

128

129

130

131

132

133

134

135

136

137

138

139

140

141

142

143

144

145

146

147

148

149

150

151

152

153

154

155

156

157

158

159

160

161

162

163

164

165

166

167

168

169

170

171

172

173

174

175

176

177

178

179

180

181

182

183

184

185

186

187

188

189

190

191

192

193

194

195

196

197

198

199

200

201

202

203

204

205

206

207

208

209

210

211

212

213

214

215

216

217

218

219

220

221

222

223

224

225

226

227

228

229

230

231

232

233

234

235

236

237

238

239

240

241

242

243

244

245

246

247

248

249

250

251

252

253

254

255

256

Table of Contents

Configuring iSCSI

S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m

Fibre Channel Zoning-Based Access Control

Cisco SAN-OS Release 3.x and NX-OS Release 4.1(1b) VSAN and zoning concepts have been extended

to cover both Fibre Channel devices and iSCSI devices. Zoning is the standard access control mechanism

for Fibre Channel devices, which is applied within the context of a VSAN. Fibre Channel zoning has

been extended to support iSCSI devices, and this extension has the advantage of having a uniform,

flexible access control mechanism across the whole SAN.

Common mechanisms for identifying members in a Fibre Channel zone are the following (see the Cisco

MDS 9000 Family NX-OS Fabric Configuration Guide for details on Fibre Channel zoning):

•

In the case of iSCSI, multiple iSCSI devices may be connected behind an iSCSI interface.

Interface-based zoning may not be useful because all the iSCSI devices behind the interface will

automatically be within the same zone.

In transparent initiator mode (where one Fibre Channel virtual N port is created for each iSCSI host as

described in the

mapping then the standard Fibre Channel device pWWN-based zoning membership mechanism can be

used.

Zoning membership mechanism has been enhanced to add iSCSI devices to zones based on the

following:

•

For iSCSI hosts that do not have a static WWN mapping, the feature allows the IP address or iSCSI node

name to be specified as zone members. Note that iSCSI hosts that have static WWN mapping can also

use these features. IP address based zone membership allows multiple devices to be specified in one

command by providing the subnet mask.

Note

In proxy initiator mode, all iSCSI devices connecting to an IPS port gain access to the Fibre Channel

fabric through a single virtual Fibre Channel N port. Zoning based on the iSCSI node name or IP address

will not have any effect. If zoning based on pWWN is used, then all iSCSI devices connecting to that

IPS port will be put in the same zone. To implement individual initiator access control in proxy initiator

mode, configure an iSCSI ACL on the virtual target (see the

page

Cisco MDS 9000 Family NX-OS IP Services Configuration Guide

4-20

Fibre Channel device pWWN.

Interface and switch WWN. Device connecting via that interface is within the zone.

"Transparent Initiator Mode" section on page

IPv4 address/subnet mask

IPv6 address/prefix length

iSCSI qualified name (IQN)

Symbolic-node-name (IQN)

4-21).

Chapter 4

4-11), if an iSCSI host has static WWN

"iSCSI-Based Access Control" section on

OL-19525-01,Cisco MDS NX-OS Release 4.2(1)

Configuring iSCSI

Table of Contents

Fibre Channel Zoning-Based Access Control - Cisco MDS 9000 series Configuration Manual

Fibre Channel Zoning-Based Access Control

Related Manuals for Cisco MDS 9000 series

Related Content for Cisco MDS 9000 series

Table of Contents