Table 67 – Dell POWEREDGE M1000E User Manual
Page 457
Fabric OS Administrator’s Guide
457
53-1002745-02
SAN management with Admin Domains
17
You cannot switch to another Admin Domain context from within the shell created by ad
--
select. You must first exit the shell, and then issue the ad --select command again.
Example of switching to a different Admin Domain context
The following example switches to the AD12 context and back. Note that the prompt changes
to display the Admin Domain.
switch:admin> ad --select 12
switch:AD12:admin> logout
switch:admin>
Admin Domain interactions with other Fabric OS features
The Admin Domain feature provides interaction with other Fabric OS features and across
third-party applications. You can manage Admin Domains with Web Tools as well as the CLI. If the
current Admin Domain owns the switch, you can perform Fabric Watch operations.
Admin Domain interactions do not extend to user session tunneling across switches. A user logged
in to a switch can control only the local switch ports as specified in the Admin Domain.
When the fabric is in secure mode, the following restrictions apply:
•
There is no support for ACL configuration under each Administrative Domain.
•
ACL configuration commands are allowed only in AD0 and AD255. None of the policy
configurations are validated with AD membership.
lists some of the Fabric OS features and considerations that apply when using Admin
Domains.
TABLE 67
Admin Domain interaction with Fabric OS features
Fabric OS feature
Admin Domain interaction
ACLs
If no user-defined Admin Domains exist, you can run ACL configuration commands in only
AD0 and AD255. If any user-defined Admin Domains exist, you can run ACL configuration
commands only in AD255.
You cannot use ACL configuration commands or validate ACL policy configurations
against AD membership under each Admin Domain.
Advanced Performance
Monitoring (APM)
All APM-related filter setup and statistics viewing is allowed only if the local switch is part
of the current Admin Domain.
Configuration upload
and download
“Configuration upload and download in an AD context”
on page 460 for details.
Fabric Watch
Fabric Watch configuration operations are allowed only if the local switch is part of the
current Admin Domain.
FC-FC Routing Service
You can create LSAN zones as a physical fabric administrator or as an individual AD
administrator. The LSAN zone can be part of the root zone database or the AD zone
database.
FCR collects the LSAN zones from all ADs. If both edge fabrics have matching LSAN
zones and both devices are online, FCR triggers a device import.
LSAN zone enforcement in the local fabric occurs only if the AD member list contains
both of the devices (local and imported devices) specified in the LSAN zone.
To support legacy applications, WWNs are reported based on the AD context using
NAA=5. As a result, you cannot use the NAA=5 field alone in the WWN to detect an FC
router.