
Setting default zoning to no access, Frame redirection zoning – Brocade Fabric OS Encryption Administrator’s Guide Supporting NetApp Lifetime Key Manager (LKM) and KeySecure Storage Secure Key Manager (SSKM) Environments (Supporting Fabric OS v7.2.0) User Manual


Fabric OS Encryption Administrator’s Guide (LKM/SSKM)

53-1002925-01

Zoning considerations


Setting default zoning to no access

Initially, default zoning for all Brocade Encryption Switches is set to All Access. The All Access
setting allows the Brocade Encryption Switch and DCX Backbone chassis to join the fabric and be
discovered before zoning is applied. If there is a difference in this setting within the fabric, the
fabric will segment.

Before committing an encryption configuration in a fabric, default zoning must be set to No Access
within the fabric. The No Access setting ensures that no two devices on the fabric can
communicate with one another without going through a regular zone or a redirection zone.

1. Check the default zoning setting. Commonly, it will be set to All Access.

    switch:admin> defzone --show
    Default Zone Access Mode
            committed - All Access
            transaction - No Transaction

2. From any configured primary FCS switch, change the default zoning setting to No Access.

    switch:admin> defzone --noaccess
    switch:admin> cfgsave

The change will be applied within the entire fabric.
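
A pre-commit check for the procedure above, as an added example that is not part of the Brocade guide: it parses `defzone --show` output captured from each switch and reports any switch not committed to No Access, any unsaved zoning transaction, and any mismatch between switches (which would segment the fabric). The switch names and captures are constructed, and the way a pending change appears on the `transaction` line is an assumption.

```python
import re

# One "committed - <mode>" or "transaction - <mode>" line of `defzone --show`.
FIELD = re.compile(r"^\s*(committed|transaction)\s*-\s*(.+?)\s*$", re.I | re.M)

def parse_defzone(output):
    """Return {'committed': mode, 'transaction': mode} from the command text."""
    fields = {key.lower(): value for key, value in FIELD.findall(output)}
    missing = {"committed", "transaction"} - fields.keys()
    if missing:
        raise ValueError("missing field(s): " + ", ".join(sorted(missing)))
    return fields

def precommit_findings(captures):
    """captures maps switch name -> `defzone --show` text; returns problems."""
    findings, committed = [], {}
    for name in sorted(captures):
        try:
            state = parse_defzone(captures[name])
        except ValueError as exc:
            findings.append(f"{name}: cannot parse output ({exc})")
            continue
        committed[name] = state["committed"].lower()
        if committed[name] != "no access":
            findings.append(f"{name}: committed mode is {state['committed']}, not No Access")
        # Assumption: an unsaved change shows as anything but "No Transaction".
        if state["transaction"].lower() != "no transaction":
            findings.append(f"{name}: unsaved transaction ({state['transaction']})")
    if len(set(committed.values())) > 1:
        findings.append("fabric: committed mode differs between switches")
    return findings

# Constructed captures; switch names are hypothetical.
SAMPLE = {
    "edge-sw1": "Default Zone Access Mode\n"
                "        committed - No Access\n"
                "        transaction - No Transaction\n",
    "edge-sw2": "Default Zone Access Mode\n"
                "        committed - All Access\n"
                "        transaction - No Access\n",
}

if __name__ == "__main__":
    for finding in precommit_findings(SAMPLE):
        print(finding)
```

An empty list from `precommit_findings` means every captured switch reports No Access with nothing pending.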

Frame redirection zoning

Name Server-based frame redirection enables the Brocade Encryption Switch or blade to be
deployed transparently to hosts and targets in the fabric.

NS-based frame redirection is enabled as follows:

- You first create a zone that includes host (H) and target (T). This may cause temporary traffic
  disruption to the host.

- You then create a CryptoTarget container for the target and configure the container to allow
  access to the initiator.

- When you commit the transaction, a special zone called a “redirection zone” is generated
  automatically. The redirection zone includes the host (H), the virtual target (VT), the virtual
  initiator (VI), and the target (T).

- To prevent data corruption when configuring multi-path LUNs, do not commit the CryptoTarget
  container configuration until you have performed the following steps in sequence. Refer to
  the section “Configuring a multi-path Crypto LUN” on page 153 for more information.

  - Complete all zoning for ALL hosts that should gain access to the targets.

  - Complete the CryptoTarget container configuration for ALL target ports in sequence,
    including adding the hosts that should gain access to these targets.

- Host-target zoning must precede any CryptoTarget configuration.

NOTE

To enable frame redirection, the host and target edge switches must run Fabric OS v6.1.1 and
Fabric OS v5.3.1.b or later firmware to ensure host and target connectivity with legacy platforms. In
McDATA fabrics, the hosts and the switches hosting the targets require firmware versions
M-EOSc 9.8 and M-EOSn 9.8 or later.