Enabling Hard Zoning; Overview; Configuration Restrictions And Guidelines - HP FlexFabric 5700 Series Configuration Manual

Fcoe configuration

Hide thumbs Also See for FlexFabric 5700 Series:

Security configuration manual (460 pages)

Configuration manual (132 pages)

Configuration manual (63 pages)

Table Of Contents

100

101

102

103

104

105

106

107

108

109

110

111

112

113

114

115

116

117

118

119

120

121

122

123

124

125

126

127

128

129

130

131

132

133

134

135

136

137

138

139

140

141

142

143

144

145

146

147

148

149

150

151

152

153

154

155

156

157

158

159

160

161

162

163

164

165

166

167

168

169

170

171

172

173

174

175

176

177

178

179

180

181

182

183

184

185

page of 185

/ 185
Contents
Table of Contents
Bookmarks

Table of Contents

This feature is supported only in enhanced zoning mode. To ensure a consistent merge control mode

across the fabric, use the zone activate or zone distribute command after you set a merge control mode.

To set a merge control mode:

Step

Enter system view.

Enter VSAN view.

Set a merge control mode.

Enabling hard zoning

Overview

Switches implement zone access control in one of the following methods:

Soft zoning—When a registered node queries the nodes in the current fabric through generic

•

service packets, soft zoning filters the nodes based on zone rules and returns only the matching

nodes. Soft zoning is always in effect.

Because soft zoning is used only when a node accesses other nodes, it can restrict only the result

of queries that a node initiates to switches, and it cannot directly control the underlayer traffic.

When a node performs traffic attacks against the node that should be filtered by zone rules, soft

zoning cannot perform access control for the node.

•

Hard zoning—Hard zoning converts the zone configurations into lower-layer driver rules and

deploys the rules to the hardware to form hardware zone rules. Then, the traffic in the switch is

forwarded strictly based on hardware zone rules. Hard zoning takes effect only when the hardware

resources are sufficient for deploying zone rules.

When the underlayer resources are not sufficient for deploying the hardware zone rules of the

current VSAN, the system performs the following operations:

Clears all deployed hardware zone rules in order to keep the integrity of rules.

Automatically disables hard zoning.

To improve the security for a VSAN, you can enable hard zoning for the VSAN. After hard zoning

is enabled for a VSAN, the system triggers deploying all zone rules of the VSAN. After hard

zoning is manually disabled for a VSAN, the system clears the hardware zone rules already

deployed for the VSAN and stops deploying new zone rules for the VSAN.

The two methods can work separately and supplement each other. They work together to implement

node access control based on the zone configurations.

Configuration restrictions and guidelines

When you configure hard zoning, follow these restrictions and guidelines:

Command

system-view

vsan vsan-id

•

Set the merge control mode to

Restrict:

zone merge-control restrict

•

Set the merge control mode to

Allow:

undo zone merge-control restrict

Remarks

N/A

The default setting is Allow.

Table of Contents

Enabling Hard Zoning; Overview; Configuration Restrictions And Guidelines - HP FlexFabric 5700 Series Configuration Manual

Enabling hard zoning

Overview

Configuration restrictions and guidelines

Related Manuals for HP FlexFabric 5700 Series

Related Content for HP FlexFabric 5700 Series

Table of Contents