HP 8/80 Fabric OS Encryption Administrator's Guide v6.4.0 (53-1001864-01, June - Page 135
Zoning considerations, Setting default zoning to no access
View all HP 8/80 manuals
Add to My Manuals
Save this manual to your list of manuals |
Page 135 highlights
Zoning considerations 3 Link IP Addr : 10.32.72.76 Link GW IP Addr : 10.32.64.1 Link Net Mask : 255.255.240.0 Link MAC Addr : 00:05:1e:53:89:03 Link MTU : 1500 Link State : UP Media Type : DISK Rebalance Recommended: NO System Card Label : System Card CID : Remote EE Reachability : Node WWN/Slot EE IP Addr EE State IO Link State 10:00:00:05:1e:54:22:36/0 10.32.72.62 EE_STATE_ONLINE Reachable 10:00:00:05:1e:47:30:00/1 10.32.72.104 EE_STATE_ONLINE Reachable 10:00:00:05:1e:47:30:00/3 10.32.72.105 EE_STATE_ONLINE Reachable 10:00:00:05:1e:47:30:00/10 10.32.72.106 EE_STATE_ONLINE Reachable 10:00:00:05:1e:47:30:00/12 10.32.72.107 EE_STATE_ONLINE Reachable (output truncated) Zoning considerations When encryption is implemented, frames sent between a host and a target LUN are redirected to a virtual target within an encryption switch or blade. Redirection zones are created to route these frames. When redirection zones are in effect, direct access from host to target should not be allowed to prevent data corruption. Zone hosts and targets together before configuring them for encryption. Redirection zones are automatically created to redirect the host-target traffic through the encryption engine, but redirection zones can only be created if the host and target are already zoned. Setting default zoning to no access Initially, default zoning for all Brocade switches is set to All Access. The All Access setting allows the Brocade Encryption Switch, DCX, or DCX-4S to join the fabric and be discovered before zoning is applied. If there is a difference in this setting within the fabric, the fabric will segment. Before committing an encryption configuration in a fabric, default zoning must be set to No Access within the fabric. The No Access setting ensures that no two devices on the fabric can communicate with one another without going through a regular zone or a redirection zone. 1. Check the default zoning setting. Commonly, it will be set to All Access. switch:admin> defzone --show Default Zone Access Mode committed - All Access transaction - No Transaction 2. From any configured primary FCS switch, change the default zoning setting to No Access. switch:admin> defzone --noaccess switch:admin> cfgfsave The change will be applied within the entire fabric. Fabric OS Encryption Administrator's Guide 117 53-1001864-01