Cisco MDS 9000 Family Fabric Manager Quick Configuration Guide - Configuring Zones and Zone Sets [Cisco MDS 9000 NX-OS and SAN-OS Software]

Table Of Contents

Configuring Zones and Zone Sets

Configuring Zones

Creating Zone Sets

What's Next?

Configuring Zones and Zone Sets

Before setting up zones and zone sets make sure you have configured VSANs and interfaces. See Chapter 5, "Configuring VSANs and Interfaces."

Zoning enables you to set up access control between storage devices or user groups. If you have administrator privileges in your fabric, you can create zones to increase network security and to prevent data loss or corruption. You can configure up to 8K zones in a VSAN.

Note Devices that do not belong to a zone follow the policy of the default zone.

Figure 6-1 describes the steps for configuring zones and zone sets. See Appendix D, "Configuration Files," for details on saving configuration files.

Figure 6-1 Zones and Zone Sets

This chapter includes the following sections:

•Configuring Zones

•Creating Zone Sets

•What's Next?

Configuring Zones

Zones are configured within VSANs. The Logical tab displays the VSANs configured in the currently discovered fabric. Note that zone information must always be identical for all the switches in the network fabric. You can configure up to 8K zones in a VSAN.

To configure pWWN-based zones using the Zone configuration tool, follow these steps:

Step 1 Click the Edit Local Full Zone Database icon as shown in Figure 6-2.

Figure 6-2 Edit Local Full Zone Database

Note For details about the icons and buttons used in Fabric Manager, see "Fabric Manager Client Quick Tour" section on page 4-6.

You see the Select VSAN dialog box. (See Figure 6-3.)

Figure 6-3 Select VSAN

Step 2 Select the VSAN where you want to configure zones or zone sets, or add members to a zone. (See Figure 6-3.) Click OK.

Step 3 Click Zones then click Insert icon to make a new zone. We recommend that you use meaningful names for a zone. For example, you could use email05_HBA2_EMC_FA11a. (See Figure 6-4.)

Figure 6-4 Edit Local Full Zone Database

Tip Instead of configuring zones using pWWNs, you can use device aliases as zone members. Device aliases are a distributed, fabric-wide database consisting of unique mappings of plain text names for pWWN mappings. For details on configuring device aliases, refer to the Cisco MDS 9000 Family Fabric Manager Configuration Guide.

Step 4 Drag and drop devices into the zone. Once the zone is populated with the devices, the name of the zone is displayed in italics. Click Add to zone or alias to move devices up or down by alias or by zone. (See Figure 6-5.)

Figure 6-5 Adding Devices to a Zone Set

Creating Zone Sets

A zone set consists of one or more zones. A zone can be a member of more than one zone set and consists of multiple zone members. Members in a zone can access each other; members in different zones cannot access each other. Devices can belong to more than one zone.

A zone set can be activated or deactivated as a single entity across all switches in the fabric. Only one zone set can be activated at any time. If zoning is not activated, all devices are members of the default zone. If zoning is activated, any device that is not in an active zone (a zone that is part of an active zone set) is a member of the default zone.

Zoning can be administered from any switch in the fabric. When you activate a zone (from any switch), all switches in the fabric receive the active zone set. Additionally, full zone sets are distributed to all switches in the fabric if this feature is enabled in the source switch.

Tip Zone sets are configured with the names of the member zones. If the zone set is in a configured VSAN, you must also specify the VSAN.

To create zone sets, follow these steps:

Step 1 Click Zone > Edit Local Full Zone Database from the Zone menu or right-click a VSAN folder in the Logical tab and choose Edit Local Full Zone Database from the pop-up menu.

Step 2 Select a VSAN and click OK.

You see the VSAN you selected in the Edit Local Full Zone Database window.

Step 3 Right-click the Zonesets folder in the Edit Local Full Zone Database dialog box for that VSAN and select Insert to add a zone set (see Figure 6-6).

Figure 6-6 Insert a new zone set

Step 4 Assign a name to the new zone set.

Step 5 In the left pane, drag and drop zones into the zone set.

Step 6 After creating a zone set, you must activate it to take effect. Click a zone set to activate it or right-click the zone set and select Activate. This configuration is distributed to the other switches in the network fabric.

Note When you confirm the activate operation, the current running configuration is saved to the startup configuration. This permanently saves any changes made to the running configuration (not just zoning changes).

You see a dialog box that shows whether the zone set activation or deactivation was successful (see Figure 6-7).

Figure 6-7 Zone Set Activation/Deactivation

Step 7 Click Close to close the dialog box.

Step 8 After creating a zone set and activating it, make sure you save the configuration file. See Appendix D, "Configuration Files," for details about copying and saving configuration files.

What's Next?

After completing the procedures in this book, your Cisco MDS 9000 Family switch can provide the basic, minimal Fibre Channel services necessary to enable hosts to access their storage. Beyond this, you will want to set up security, management, and monitoring for your network. These tasks are beyond the scope of this document. However, the following tasks should be performed to leverage the full abilities of the MDS switch.

Security

•Configure DNS servers.

•Enable SSH and disable Telnet.

•Create unique user names for each user.

•Create and assign roles for users that do not include network administrative privileges.

•Configure TACACS+/Radius for centralized user management.

Management

•Configure a syslog server.

•Configure time/date/timezone and additionally NTP.

•Configure schedules and jobs to regularly back up the configuration of the MDS switch.

•Configure device aliases.

Monitoring

•If licensed, configure Fabric Manager Server to provide historical and performance trending.

•Configure Call Home.

	Cisco MDS 9000 Family Fabric Manager Quick Configuration Guide
	Configuring Zones and Zone Sets
Cisco MDS 9000 Family Fabric Manager Quick Configuration Guide Index Preface Overview Initial Switch Configuration Installing Fabric Manager Fabric Manager Client Configuring VSANs and Interfaces Configuring Zones and Zone Sets Launching Fabric Manager in Cisco SAN-OS Releases Prior to 3.2(1) Quick Config Wizard Configuring Static Domain IDs and Persistent FC IDs Configuration Files	Download this chapter Configuring Zones and Zone Sets Download the complete book Full Book PDF (PDF - 4 MB) Feedback Table Of Contents Configuring Zones and Zone Sets Configuring Zones Creating Zone Sets What's Next? Configuring Zones and Zone Sets Before setting up zones and zone sets make sure you have configured VSANs and interfaces. See Chapter 5, "Configuring VSANs and Interfaces." Zoning enables you to set up access control between storage devices or user groups. If you have administrator privileges in your fabric, you can create zones to increase network security and to prevent data loss or corruption. You can configure up to 8K zones in a VSAN. Note Devices that do not belong to a zone follow the policy of the default zone. Figure 6-1 describes the steps for configuring zones and zone sets. See Appendix D, "Configuration Files," for details on saving configuration files. Figure 6-1 Zones and Zone Sets This chapter includes the following sections: •Configuring Zones •Creating Zone Sets •What's Next? Configuring Zones Zones are configured within VSANs. The Logical tab displays the VSANs configured in the currently discovered fabric. Note that zone information must always be identical for all the switches in the network fabric. You can configure up to 8K zones in a VSAN. To configure pWWN-based zones using the Zone configuration tool, follow these steps: Step 1 Click the Edit Local Full Zone Database icon as shown in Figure 6-2. Figure 6-2 Edit Local Full Zone Database Note For details about the icons and buttons used in Fabric Manager, see "Fabric Manager Client Quick Tour" section on page 4-6. You see the Select VSAN dialog box. (See Figure 6-3.) Figure 6-3 Select VSAN Step 2 Select the VSAN where you want to configure zones or zone sets, or add members to a zone. (See Figure 6-3.) Click OK. Step 3 Click Zones then click Insert icon to make a new zone. We recommend that you use meaningful names for a zone. For example, you could use email05_HBA2_EMC_FA11a. (See Figure 6-4.) Figure 6-4 Edit Local Full Zone Database Tip Instead of configuring zones using pWWNs, you can use device aliases as zone members. Device aliases are a distributed, fabric-wide database consisting of unique mappings of plain text names for pWWN mappings. For details on configuring device aliases, refer to the Cisco MDS 9000 Family Fabric Manager Configuration Guide. Step 4 Drag and drop devices into the zone. Once the zone is populated with the devices, the name of the zone is displayed in italics. Click Add to zone or alias to move devices up or down by alias or by zone. (See Figure 6-5.) Figure 6-5 Adding Devices to a Zone Set Creating Zone Sets A zone set consists of one or more zones. A zone can be a member of more than one zone set and consists of multiple zone members. Members in a zone can access each other; members in different zones cannot access each other. Devices can belong to more than one zone. A zone set can be activated or deactivated as a single entity across all switches in the fabric. Only one zone set can be activated at any time. If zoning is not activated, all devices are members of the default zone. If zoning is activated, any device that is not in an active zone (a zone that is part of an active zone set) is a member of the default zone. Zoning can be administered from any switch in the fabric. When you activate a zone (from any switch), all switches in the fabric receive the active zone set. Additionally, full zone sets are distributed to all switches in the fabric if this feature is enabled in the source switch. Tip Zone sets are configured with the names of the member zones. If the zone set is in a configured VSAN, you must also specify the VSAN. To create zone sets, follow these steps: Step 1 Click Zone > Edit Local Full Zone Database from the Zone menu or right-click a VSAN folder in the Logical tab and choose Edit Local Full Zone Database from the pop-up menu. Step 2 Select a VSAN and click OK. You see the VSAN you selected in the Edit Local Full Zone Database window. Step 3 Right-click the Zonesets folder in the Edit Local Full Zone Database dialog box for that VSAN and select Insert to add a zone set (see Figure 6-6). Figure 6-6 Insert a new zone set Step 4 Assign a name to the new zone set. Step 5 In the left pane, drag and drop zones into the zone set. Step 6 After creating a zone set, you must activate it to take effect. Click a zone set to activate it or right-click the zone set and select Activate. This configuration is distributed to the other switches in the network fabric. Note When you confirm the activate operation, the current running configuration is saved to the startup configuration. This permanently saves any changes made to the running configuration (not just zoning changes). You see a dialog box that shows whether the zone set activation or deactivation was successful (see Figure 6-7). Figure 6-7 Zone Set Activation/Deactivation Step 7 Click Close to close the dialog box. Step 8 After creating a zone set and activating it, make sure you save the configuration file. See Appendix D, "Configuration Files," for details about copying and saving configuration files. What's Next? After completing the procedures in this book, your Cisco MDS 9000 Family switch can provide the basic, minimal Fibre Channel services necessary to enable hosts to access their storage. Beyond this, you will want to set up security, management, and monitoring for your network. These tasks are beyond the scope of this document. However, the following tasks should be performed to leverage the full abilities of the MDS switch. Security •Configure DNS servers. •Enable SSH and disable Telnet. •Create unique user names for each user. •Create and assign roles for users that do not include network administrative privileges. •Configure TACACS+/Radius for centralized user management. Management •Configure a syslog server. •Configure time/date/timezone and additionally NTP. •Configure schedules and jobs to regularly back up the configuration of the MDS switch. •Configure device aliases. Monitoring •If licensed, configure Fabric Manager Server to provide historical and performance trending. •Configure Call Home.
	Terms & Conditions \| Privacy Statement \| Cookie Policy \| Trademarks