Zone configuration management, Security and zoning, Zone merging – Dell POWEREDGE M1000E User Manual
Page 336
336
Fabric OS Administrator’s Guide
53-1002745-02
Zone configuration management
11
Zone configuration management
You can add, delete, or remove individual elements in an existing zone configuration to create an
appropriate configuration for your SAN environment. After the changes have been made, save the
configuration to ensure the configuration is permanently saved in the switch and that the
configuration is replicated throughout the fabric.
The switch configuration file can also be uploaded to the host for archiving and it can be
downloaded from the host to a switch in the fabric. See
“Configuration file restoration”
on page 246, or the configUpload and configDownload commands
in the Fabric OS Command Reference for additional information on uploading and downloading the
configuration file.
Security and zoning
Zones provide controlled access to fabric segments and establish barriers between operating
environments. They isolate systems with different uses, protecting individual systems in a
heterogeneous environment; for example, when zoning is in secure mode, no merge operations
occur.
Brocade Advanced Zoning is configured on the primary fabric configuration server (FCS). The
primary FCS switch makes zoning changes and other security-related changes. The primary FCS
switch also distributes zoning to all other switches in the secure fabric. All existing interfaces can
be used to administer zoning.
You must perform zone management operations from the primary FCS switch using a zone
management interface, such as Telnet or Web Tools. You can alter a zone database, provided you
are connected to the primary FCS switch.
When two secure fabrics join, the traditional zone merge does not occur. Instead, a zone database
is downloaded from the primary FCS switch of the merged secure fabric. When E_Ports are active
between two switches, the name of the FCS server and a zoning policy set version identifier are
exchanged between the switches. If the views of the two secure fabrics are the same, the fabric’s
primary FCS server downloads the zone database and security policy sets to each switch in the
fabric. If there is a view conflict, the E_Ports are segmented due to incompatible security data.
All zones should use frame-based hardware enforcement; the best way to do this is to use WWN
identification exclusively for all zoning configurations.
Zone merging
When a new switch is added to the fabric, it automatically takes on the zone configuration
information from the fabric. You can verify the zone configuration on the switch using the procedure
described in
“Viewing the configuration in the effective zone database”
If you are adding a switch that is already configured for zoning, clear the zone configuration on that
switch before connecting it to the zoned fabric. See
“Clearing all zone configurations”
for instructions.