Zoning Enforcement; Software-Enforced Zoning; Hardware-Enforced Zoning - HP A7533A - Brocade 4Gb SAN Switch Base Administrator's Manual

defined configuration if you have modified any of the zone definitions and have not saved the
configuration.
• Disabled Configuration—The effective configuration is removed from flash memory.
When you disable the effective configuration, the Advanced Zoning feature is disabled on the fabric, and
all devices within the fabric can communicate with all other devices (unless you previously set up a default
zone, as described in
is deleted, however, only that there is no configuration active in the fabric.
On power-up, the switch automatically reloads the saved configuration. If a configuration was active when
it was saved, the same configuration is reinstated on the local switch with an autorun of the cfgEnable
command.

Zoning enforcement

Zoning enforcement describes a set of predefined rules that the switch uses to determine where to send
incoming data. There are two methods of enforcement: software-enforced and hardware-enforced zoning.
Zoning enables you to restrict access to devices in a fabric. Software-enforced zoning prevents hosts from
discovering unauthorized target devices, while hardware-enforced zoning prevents a host from accessing a
device it is not authorized to access.

Software-enforced zoning

Software-enforced zoning is used for any mixed zone (a zone with both WWN and domain,port
members).
Software-enforced zoning:
• Is also called soft zoning, name server zoning, fabric-based zoning, or session-based zoning.
• Is available on 1, 2, 4, 8 and 10 Gbps platforms.
• Prevents hosts from discovering unauthorized target devices.
• Ensures that the name server does not return any information to an unauthorized initiator in response to
a name server query.
• Does not prohibit access to the device. If an initiator has knowledge of the network address of a target
device, it does not need to query the name server to access it, which could lead to undesired access to
a target device by unauthorized hosts.
• Is exclusively enforced through selective information presented to end nodes through the fabric Simple
Name Server (SNS). When an initiator queries the name server for accessible devices in the fabric, the
name server returns only those devices that are in the same zone as the initiator. Devices that are not
part of the zone are not returned as accessible devices.

Hardware-enforced zoning

Hardware-enforced zoning means that each frame is checked by hardware (the ASIC) before it is delivered
to a zone member and is discarded if there is a zone mismatch. When hardware-enforced zoning is
active, the Fabric OS switch monitors the communications and blocks any frames that do not comply with
the effective zone configuration. The switch performs this blocking at the transmit side of the port on which
the destination device is located.
Hardware-enforced zoning is in effect when all of the members of a zone are identified the same way,
either using WWNs or domain,port notation.
If a zone does not have either all WWN or all domain,port entries, software-enforced zoning is in effect.
For overlapping zones (in which zone members appear in two or more zones), hardware-enforced zoning
is in effect as long as the overlapping zones have either all WWN or all domain,port entries.
Hardware-enforced zoning:
• Is also called hard zoning or ASIC-enforced zoning.
• Prevents a host from discovering unauthorized target devices.
• Prevents a host from accessing a device it is not authorized to access.
"Default zoning mode" on page 212). This does not mean that the zoning database
Fabric OS 6.1.1 administrator guide 199