Configuring Zoning for SAN Fabrics

 
Updated August 14, 2025
PDF
Is this helpful? Feedback

New and changed information

The following table provides an overview of the significant changes up to this current release. The table does not provide an exhaustive list of all changes or of the new features up to this release.

Release Version

Feature

Description

Nexus Dashboard 4.1.1

Improved zoning configurations for SAN fabrics through Nexus Dashboard

Beginning with Nexus Dashboard 4.1.1, configuring zoning for SAN fabrics is now performed through Nexus Dashboard.

Nexus Dashboard 4.1.1

View audit logs related to zoning operations in Nexus Dashboard

You can now view and monitor audit logs related to zoning operations in the Nexus Dashboard > Manage > Zoning page. For more information, see View zoning audit logs.

Understanding zoning

Zoning allows you to set up access control between storage devices or user groups. If you have administrator privileges in your fabric, you can create zones to increase the network security and to prevent data loss or corruption. Zoning is enforced by examining the source-destination ID field.

note.svg

When device aliases are used for zoning in Web UI, end devices must be logged into the fabric thus web GUI can configure zoning using device aliases. If end nodes are not logged in, PWWN can be used for zoning.

The following table describes the fields and icons that appear on the Nexus Dashboard Manage > Zoning tab.

Field Description

Zoning Type

Provides support for regular and Inter-VSAN Routing (IVR) zone types. Click the Regular or IVR radio button to select the required zoning type.

Fabric

Specifies the fabric for which you are configuring zones.

If the admin has locked the fabric, you can view a lock icon next to the fabric field.

VSAN

Specifies the VSAN for which you are configuring regular zones.

This field is enabled only if you select Regular in the Zoning Type field.

Region ID

Specifies the region name for which you are configuring IVR zones.

This field is enabled only if you select IVR in the Zoning Type field.

Enhanced Zoning

Configures enhanced zoning capability on the switch. Click the icon next to VSAN text field to view Enhanced Zoning window.

note.svg

Enhanced zoning is supported only for the Regular zone.

For more details, see the Configure enhanced zoning section.

Cisco Fabric Services (CFS)

Configures CFS on the switch. Click the icon next to the Region ID field to view CFS window.

note.svg

CFS is supported only for IVR zoning.

For more details, refer to the Configure CFS section.

Switch

Specifies the switch that you want to add to a zone.

In the Zoning area, click Actions to view the following items:

Field Description

Changes

In the Zoning area, choose Actions > Changes.

  • Enable smart zoning - Enables smart zoning configuration for all the switches.

  • Commit changes - Commits the zoning configuration changes to all the switches. This field is only applicable when a zone is in the enhanced or smart mode.

    Before committing your changes, you can view a dialog box with the pending zone data and the VSAN ID. For more information, see the "Fabric Summary" section and the "Troubleshooting VSAN Zone Locks" section in Understanding Fabric Overview for SAN Fabrics.

  • Discard Pending - Discards the changes in progress.

Database

In the Zoning area, choose Actions > Database.

  • Backup database - Enables you to backup the current VSAN or all the VSANs.

  • Restore database - Enables you to restore the VSANs.

Clear Server Cache

Clears the cache on the server.

Discovery Sync

Synchronizes zoning modules with discovery.

View Unzoned End Devices

Displays a list of unzoned end devices of a fabric. You can view the unzoned devices in all fabrics or the current fabric.

Zone Migration

Opens the Zone Migration wizard for migrating Brocade SAN fabrics into Cisco MDS 9000 SAN fabrics. See Migrate SAN zones from a Brocade switch to a Cisco MDS switch for more information.

Configure enhanced zoning

Enhanced zoning performs all configurations within a single configuration session for regular zoning. When you begin a session, the switch locks the entire fabric to implement the changes.

To configure enhanced zoning:

  1. Click Manage > Zoning.

  2. In the Zoning Type field, choose Regular.

  3. Click the Enhanced Zoning configuration icon next to the VSAN field to view the Enhanced Zoning window.

    The Enhanced Zoning window has the following fields.

    Field Description

    Switch

    Specifies IP address of the switch.

    Mode

    Displays mode of the switch, that can be one of the following:

    • Basic

    • Enhanced

    Result

    Displays the activation results, which can be one of the following:

    • Success

    • Failed

    Config DB locked by

    Displays the role name of locked configuration database.

    Action

    Displays the action on the switch, that can be one of the following:

    • No operation

    • Commit changes

    • Cleanup

    Click edit icon on last column to select required action and click check mark icon to save.

    Last Action Results

    Displays status of last configuration database.

    Enforce full DB merge

    Displays status as enabled or disabled. Click edit icon on last column to select required action and click check mark icon to save.

    Enabling it ensures that both the active and local zones are merged and are identical on all switches for a VSAN.

    Read from

    For enhanced zones or IVR CFS enabled zones when a change is made to zoning DB on a switch, all zone data is pushed into a pending database, until commit command is issued.

    This flag helps user to get data either from pending zone DB (Copy DB) or regular zone DB (Effective DB). Click edit icon on last column to select required action and click check mark icon to save.

    Activation Date

    Specifies date of the zoneset activated.

  4. Click the Edit icon next to the Read from column to choose the required database and click the Tick icon to save.

  5. Change the mode to basic or enhanced, if necessary.

    • To change the mode from basic to enhanced, choose Actions > Set Mode to Enhanced and click Apply.

    • To change the mode from enhanced to basic, choose Actions > Set Mode to Basic and click Apply.

View zoning audit logs

You can view audit logs specific to zoning operations in Nexus Dashboard Manage > Zoning page.

Zoning audit logs are retained for the duration specified in the Zone Audit Logs Days setting in Nexus Dashboard. By default, the audit logs are available for 90 days. Users with administrator privileges can enable zoning audit logging and configure the retention period (in days) in the Admin > System Setting> Advance settings > Zoning > Zone Audit logs days field.

Follow these steps to view zoning audit logs.

  1. Click Manage > Zoning.

  2. Scroll down to the Zoning Audit Log section.

  3. In the Filter by attributes field, enter a column name from the table to sort and display the zoning audit log information.

These fields appear in the Zoning Audit Log table.

Field Description

CreationTime

Specifies the date and time of the zoning operation and log creation.

User

Displays the user role. For example, if a user with admin role creates a ZoneSet, the User field displays admin.

Event Type

Displays the type of the zoning operation. For example, Create ZoneSet.

Details

Displays the additional inforamtion on the audit event. For example, ZoneSet: z1-zoneset created.

Fabric

Displays the name of the fabric associated with the zoning audit log.

VSAN

Specifies the number of VSANS configured on this Zoneset.

Configure CFS

Cisco Fabric Services (CFS) provides a common infrastructure for automatic configuration synchronization in the fabric for IVR zoning. When a CFS is configured on one switch and same properties can be transmitted on other switches. You can enable or disable IVR on the switch. Furthermore, you can enable or disable both CFS and global CFS on the selected switch.

To configure CFS:

  1. Click Manage > Zoning.

  2. In the Zoning Type field, choose IVR.

  3. Click the CFS configuration icon next to the Region ID field to view the CFS window.

    The CFS window has the following fields.

Control

The following table describes the fields that appear in the Control tab.

Fields Description

Switch

Specifies IP address of the switch.

IVR Status

Displays whether IVR is enabled or disabled on the switch.

Edit

Click Edit icon to enable or disable IVR on the switch and click tick mark to save changes.

Refresh

Click Refresh icon to refresh table.

Apply

Click Apply to save changes for each modification on the switch.

Done

Click Done to save all changes and to exit from CFS window.

IVR

The following table describes the fields that appear in the IVR tab.

Fields Description

Switch

Specifies IP address of the switch.

CFS Status

Specifies whether CFS status is enabled or disabled.

Global CFS

Specifies whether this feature is enabled or disabled on the switch.

Read from

Specifies status:

  • Effective DB

  • Copy DB

Lock Owner

Specifies switch is locked by admin.

Merge Status

Specifies fabric merge that occurred.

Region ID

Specifies the region id of the switch.

Edit

Click Edit icon to perform changes in Read from and Region ID column for selected row.

Apply

Click Apply to save changes for each modification on the switch

Refresh

Click Refresh icon to refresh table.

Done

Click Done to save all changes and to exit from CFS window.

You can perform these operations on a switch in the IVR tab:

  • To enable IVR on a switch, choose a switch, then click Actions > Commit and click Apply.

    note.svg

    You can commit changes only if CFS is enabled on a selected switch.

  • To disable IVR on a switch, choose a switch, then click Actions > Abort and click Apply.

  • To clear IVR information on a switch, choose a switch, then click Actions > Clear and click Apply .

  • To enable CFS on a switch, choose a switch, then click Actions > Enable CFS and click Apply.

  • To enable CFS globally on a switch, choose a switch, then click Actions > Disable Global CFS and click Apply.

Action

The following table describes the fields that appear in the Action tab.

Actions Description

Switch

Specifies IP address of the switch.

Active

Specifies switch active status is true or false.

Activation Time

Specifies the activation date and time.

IVR NAT Status

Specifies IVR status is enabled or disabled.

Auto Discover Topology

Specifies whether auto discover topology status is true or false

Edit

Click Edit icon to perform changes in IVR NAT Status and Auto Discover Topology columns for selected row.

Region ID

Specifies the region id of the switch.

Edit

Click Edit icon to perform changes in Read from and Region ID column for selected row.

Apply

Click Apply to save changes for each modification on the switch

Refresh

Click Refresh icon to refresh table.

Done

Click Done to save all changes and to exit from CFS window.

Migrate SAN zones from a Brocade switch to a Cisco MDS switch

This topic describes the steps to migrate SAN zones from a Brocade switch to a Cisco MDS switch. Migrating SAN zones involves the following two steps:

  • Generating and downloading the zoning configuration from the Brocade switch locally.

  • Converting and applying the Brocade zoning configuration to a Cisco MDS switch.

To migrate zones from a Brocade switch to a Cisco MDS switch, perform the following steps:

  1. In the Cisco Nexus Dashboard Web UI, click Manage > Zoning.

  2. In the Zoning area, choose Actions > Zone Migration.

    The Zone Migration wizard opens.

  3. To generate and collect the zoning configuration from the switch and to download it locally, click the Fetch Active Zones From Brocade Switch radio button.

  4. Enter the IP address of the discovered Brocade switch in the Brocade Switch IP Address field and click Fetch.

    The system downloads a text file with the configuration from the Brocade switch onto your local drive.

  5. Click the Migrate Brocade Zones Configuration to MDS radio button and select the configuration file that you have downloaded in the previous step.

  6. In the VSAN Index field, enter the VSAN to which the zone must be added.

    The valid range is 1 to 4093.

  7. [Optional] Check the enable enhanced zone and enable enhanced Device Alias check boxes.

    It is recommended to enable enhanced zone and enhanced device-alias modes in new deployments.

  8. Click Migrate to generate a Cisco compatible zone configuration file.

    The system converts the Brocade switch configuration to a format compatible with Cisco MDS 9000 series switches and downloads the file to your local drive.

  9. To apply the configuration changes to the desired Cisco MDS switch, execute the contents of the file generated from the previous step on the CLI console on the switch.

Working with configured zonesets

The zoneset area displays the configured zonesets and their status based on the fabric, VSAN, and switch you choose. You can create, copy, delete, edit, activate, or deactivate the zonesets on the Manage > Zoning page.

These fields are displayed in the Zonesets table.

Field Description

Zoneset Name

Lists all the names that are configured under the selected Zoneset. Click on the zoneset name to view the summary information in a slide-in pane. Click Edit Zoning to edit and activate zoneset.

Modified

Displays if the zoneset is modified or not.

Activation Date

Specifies date of the zoneset activated.

Create a zoneset

Follow these steps to create a zoneset.

  1. Navigate to Manage > Zoning.

  2. In the Zonesets section, click Actions > Create new zoneset.

    The Create Zoneset dialog box appears.

  3. Enter a valid name for the zoneset, then click Create zoneset.

    A zoneset is created and is listed in the Zonesets section.

Rename a zoneset

Follow these steps to rename a zoneset.

  1. Navigate to Manage > Zoning.

  2. Choose the radio button next to the zoneset that you want to rename in the Zoneset Name column.

  3. Choose Actions > Rename zoneset.

    A dialog box appears with Existing name and Name fields.

  4. Enter a new name in the Name field.

  5. Click Rename.

    The renamed zoneset is displayed in the Zonesets section.

Copy or clone a zoneset

Follow these steps to copy or clone a zoneset.

  1. Choose a zoneset from the table and click Actions > Copy / Clone zoneset or click the ellipsis icon in the last column.

    The Clone or Copy zoneset dialog box displays the Copy and Clone options.

  2. Choose one of these options.

    • Copy: Creates a new zoneset that consists copies of the zones in the initial zoneset.

      • You can prepend or append a string to identify the copied zoneset. Enter a valid string in the Tag field, and choose the Prepend names or Append names radio button.

    • Clone: Creates a new zoneset with a new name consisting of the same zones as the source zoneset.

      • In the New Zoneset Name field, enter a valid name for the new zoneset.

    • Click Apply to clone or copy the zoneset.

      The cloned or the copied zoneset appears in the Zoneset area.

Edit zones and members

Follow these steps to edit a zone name.

  1. Choose the radio button next to the Zoneset Name for the zoneset that you want to edit.

  2. Choose Actions > Edit zones & members or click the ellipsis icon.

    The Zoneset name page appears.

  3. In the Zone Name column, check the check box next to zone name that you want to edit.

  4. Choose the Actions drop-down list to perform Enable smart zoning, clone zone, Rename zone, Rmove from zoneset, and Delete zones (s) actions. For more information, see Create zones.

  5. Choose the Actions drop-down list to perform Add exiting members, Create new member, and Remove members from zone(s) actions in the Members area.

Activate or deactivate a zoneset

Follow these steps to activate or deactivate a zoneset.

  1. Choose the radio button next to the deactivated Zoneset Name and click Activate to activate a zoneset.

    The Zoneset Differences page displays the changes made to the zoneset since it was activated previously.

  2. Click Activate.

  3. Choose the radio button next to the Zoneset Name that you want to deactivate and click Actions > Deactivate to deactivate a zoneset.

    A confirmation dialog box appears.

  4. Click Yes to deactivate the zoneset.

Delete a zoneset

Follow these steps to delete a zoneset.

  1. Choose the zoneset radio button next to the Zoneset Name that you want to delete.

  2. Choose Actions > Delete zoneset.

    A warning dialog box appears to alert you about the delete action.

  3. Click Yes to delete the zoneset.

Create zones

You can create, copy, clone, rename, and delete zones. A zone displays a true or false value only when the VSAN has smart zone enabled. You can also add or remove zones from a zoneset and enable or disable the smart zoning in the zone table.

Follow these steps to create zones.

  1. Navigate to Manage > Zoning.

  2. In the Zonesets area, choose a zoneset.

  3. Click Actions > Edit zones & members.

    The table displays the fields that appear on the Zones tab.

    Field Description

    Filter by Attribute

    You can search by specifying the required zone name, zoneset, and members.

    Add to zoneset

    You can choose a zone name and click Add to zoneset.

    Actions

    You can choose a zone name and an action to perform on the zone name.

    Refresh

    Click the Refresh icon to refresh the zone table.

    Zone Name

    Displays the name of the zone. You can search by specifying the zone name.

    You can click the Topology icon next to the zone name to view the Zone Topology. The topology is displayed in hierarchical left-right layout by default. In the topology view, hover on the nodes to see the tool tip.

    Click on the switch to view the switch summary. Click the Launch icon to view Switch Overview.

    note.svg

    You cannot save any changes made to topology layout from this page.

    Choose a zone name to view the members of the zoneset. The Status column displays if the zone member is online or offline.

    In Zoneset

    Specifies whether a zone is part of a zoneset. Displays true if the zone is part of a zoneset. Otherwise, displays false.

    You can search by choosing true or false from the In Zoneset drop-down list.

    Members

    Specifies the zone members of the zone.

    You can search by specifying the member.

  4. To create a zone, choose Actions > Create new zone.

    1. In the Create new zone, enter a valid name for the Zone, and click Create.

    2. Click Create new zone.

    3. Check the checkbox next to Smart Zoning, to enable smart zoning for new zone.

      A zone is created and is listed in the Zones area.

  5. To enable a smart zone, check the checkbox next to Zone Name that you want to have smart zoning enabled, and choose Actions > Enable smart zoning.

    You can view smart zone column only if smart zoning is enabled for VSAN.

  6. To disable a smart zone, check the checkbox next to Zone Name, and choose Actions > Disable smart zoning.

  7. To Clone Zones, choose Configure > Manage > Zoning > Zones, choose the Zone radio button, and click the Clone Zone icon.

    The Clone Zone page is displayed.

    1. In the Name field, enter a valid name for the new zoneset.

    2. Click Clone to clone the zone.

      The cloned zones appear in the Zones area.

  8. To rename a zone from a zoneset, check the checkbox next to the Zone Name, and choose Actions > Rename zone.

    In the Name field, enter the new name for the zone, and click Rename.

  9. To remove a zone from a zoneset, check the checkbox next to Zone Name, and choose Actions > Remove from zoneset.

    The zone is removed from the Zoneset. A green tick mark disappears next to the Zone name to indicate that the zone is removed from the zoneset.

  10. To delete a zone from a zoneset, check the checkbox next to Zone Name you want to delete, and choose Actions > Delete zone(s).

    You can choose multiple zones to delete more than one zone at a time.

    note.svg

    You cannot delete a zone that is a member of the zoneset. Remove the zone from the zoneset to delete it.

Create FC aliases

The FC aliases feature is supported for regular zones. It is used to associate with one or more pWWNs to a required name. When you add a zone member, you can add an FC alias or delete existing FC aliases.

The FC Aliases tab displays these fields:

  • FC Alias — Specifies the name of FC Alias.

  • Member — Specifies members associated with FC Alias.

To create an FC alias:

  1. Navigate to Manage > Zoning.

  2. In the Zonesets area, choose a zoneset.

  3. Click Actions > Edit zones & members.

    The Zoneset window is displayed.

  4. Click the FC Aliases tab to view the FC Aliases area.

  5. Click Actions > Create new FC Alias.

    The Create new FC Alias window is displayed.

  6. Enter a valid name in a text field and click Create FC Alias.

    An FC alias is created and is listed in the FC Aliases area.

  7. To delete a new FC alias, select the required check box next to the FC Alias column, then click Actions > Delete FC Alias.

Create zoneset members

The Members area displays the zone members and their status based on the zoneset and zone. Enter the required field name in the Filter by attributes text field to view member details.

You can add or remove members, add existing members, and add existing FC aliases to members.

Follow these steps to create a new zoneset member.

  1. Navigate to Manage > Zoning.

  2. In the Zonesets area, choose a zoneset.

  3. Click Actions > Edit zones & members.

    The Zoneset page is displayed.

  4. Choose a zone name to view the list of zone members. The zone member information is displayed in the Members area.

    The table displays the fields that appear on the Members area.

    Field Description

    Zone/FC Alias

    Displays the name of the zone member. You can search by specifying the zone name.

    Member

    Displays the member name for the zone.

    Switch

    Specifies the switch that the zone member is linked. You can search by specifying the switch.

    Interface

    Specifies the interface that the zone member is attached to. You can search by specifying the interface.

    Status

    Specifies the status of zone.

    Zoned By

    Displays the type of zoning. You can search by type of zoning such as WWN, FCID, FC Alias, or iSCSI, FWWN, Device Alias, IP Subnet and many more.

    FCID

    Specifies the FCID associated with the zone member. You can search by specifying the FCID associated with the zone member.

    pWWN

    Specifies the pWWN of the switch. You can search by specifying the WWN of the switch.

  5. In the Members area, click Actions > Create new member.

  6. In the Create and add a new member dialog box, choose the appropriate Zone. Show only common options are displayed by default.

    Click Show all options to display all Zone by options.

    The new member name is based on the Zone by option type you choose. For example, when you choose the WWN option, the name in the text field is for WWN zone. Similarly, when you choose the Domain & Port option, the Domain ID number and Switch Interface name.

  7. Enter a valid name in the text field and click Create Member.

    The Create Member option allows you to add a member to a zone that does not exist in the fabric, currently. This feature can be utilized when the device discovery did not discover all the devices. With the Available to add feature, you can add a discovered device to the zone.

  8. To remove a zone member, check the checkbox next to Zone you want to remove and then click Actions > Remove Member from zone(s).

    You can choose multiple zones in an instance to remove.

  9. To add existing member, choose Actions > Add existing members.

    The table displays the fields that appear on the Add existing members page.

    Field Description

    Zone By

    The Zone by feature determines if the device must be added to the zone using the device WWN or device alias. If you choose Zone By: End Ports, the devices are added to the zones by WWN.

    Similarly, for Zone By: Device Alias and Zone By: FC Alias the devices are added to the zones by Device Alias and FC Alias respectively. Based on the Zone by option you choose, the devices are displayed.

    Member Name

    Displays the name of the zone. You can search by specifying the zone name.

    Type

    Specifies the switch is storage or host.

    Switch

    Specifies the switch that the zone member is linked. You can search by specifying the switch.

    Interface

    Specifies the interface that the zone member is attached to. You can search by specifying the interface.

    pWWN

    Specifies the pWWN of the switch. You can search by specifying the pWWN of the switch.

    VSAN

    Specifies the VSAN the zone member is in.

  10. Choose the appropriate Zone by option and the required Member Name.

  11. Click Add members.

    note.svg

    You can choose multiple zones at a time. When you do so, a dialog box appears with a list of all the currently chosen zones in the zone table.

About Active Zones

The following sections provide information on Active Zones.

View regular zones information

You can view all the regular zones that are configured in the Nexus Dashboard. Click Analyze > Active Zones, then click the Regular Zones tab.

The following table describes the fields that appear in the Regular Zones window.

Field Description

Zone

Specifies the name of the zone.

Fabric

Specifies the name of the fabric.

VSANS

Specifies the number of VSANS configured on this Zone.

Zone Sets

Specifies the name of zone set to which the zone belongs.

Zone

Displays the zone under which this member is present.

Click the Topology icon next to the zone name to view Zone Topology. The topology is displayed in hierarchical left-right layout by default.

In the topology view, hover on the nodes to see tool tip. Click on switch to view the switch summary. Click Launch icon to view the Switch Overview window.

note.svg

You cannot save any changes made to topology layout from this screen.

Switch Interface/WWN

Specifies the switch interface or WWN of the switch that the zone member is attached to.

PWWN

Specifies the associated pWWN to the switch.

Member Name

Displays the name of the zone member.

Zoned By

Displays the type of zoning. You can search by type of zoning such as WWN, FCID, fcAlias, or iSCSI.

View IVR zones information

You can view all the IVR zones configured in the Nexus Dashboard. Click Analyze > Active Zones, then click the IVR Zones tab.

The following table describes the fields that appear in the IVR Zones window.

Field Description

Fabric

Specifies the fabric name.

VSANS

Specifies the number of VSANS configured on this Zone.

Zone Sets

Specifies the name of Zone set to which the zone belongs.

Zone

Displays the zone under which this member is present.

Switch Interface/WWN

Specifies the switch interface or WWN of the switch that the zone member is attached to.

PWWN

Specifies the associated pWWN to the switch.

Member Name

Displays the name of the zone member.

Zoned By

Displays the type of zoning. You can search by type of zoning such as WWN, FCID, fcAlias, or iSCSI.

First Published: 2025-01-31
Last Modified: 2025-01-31

Need help?