3 – Managing Fabrics
Zoning a Fabric
59048-02 A 3-15
Q
3.4.1.1.2
Access Control List Hard Zones
Access Control List (ACL) zoning divides the fabric for purposes of controlling
discovery and inbound traffic. ACL zoning is a type of hard zoning that is
hardware enforced. This type of zoning is useful for controlling access to certain
devices without totally isolating them from the fabric. Members can communicate
with each other and transmit outside the ACL zone, but cannot receive inbound
traffic from outside the zone. The ACL zone boundary is secure against inbound
traffic. ACL zones can overlap; that is, a port can be a member of more than one
ACL zone. ACL zones that include members from multiple switches need not
include the ports of the inter-switch links. ACL zone boundaries supersede soft
zone boundaries, but yield to VPF zone boundaries. Membership can be defined
only by domain ID and port number. ACL zoning supports all port modes except
TL_Ports.
3.4.1.1.3
Virtual Private Fabric Hard Zones
Virtual Private Fabric (VPF) zoning divides the fabric for purposes of controlling
discovery and both inbound and outbound traffic. This type of zoning is useful for
providing security and reserving paths between devices to guarantee bandwidth.
VPF zoning is a type of hard zoning that is hardware enforced. Members can only
transmit to and receive from members of the same VPF zone. The VPF zone
boundary is secure against both inbound and outbound traffic. VPF zones that
include members from multiple switches must include the ports of the inter-switch
links. VPF zones cannot overlap; that is, a port can be a member of only one VPF
zone. VPF zone boundaries supersede both soft and ACL zone boundaries.
Membership can be defined only by domain ID and port number. VPF zoning
supports all port modes.
Note: Domain ID conflicts can result in automatic reassignment of switch
domain IDs. These reassignments are not reflected in zones that use
domain ID and port number pairs or Fibre Channel addresses to define
their membership. Be sure to reconfigure zones that are affected by a
domain ID change. To prevent zoning definitions from becoming invalid
when the membership is defined by domain ID/port number or Fibre
Channel address, you must lock domain IDs. Refer to ”Domain ID and
Domain ID Lock” on page 4-16 and ”Set Config Command” on page A-
32 for more information.