Send documentation comments to mdsfeedback-doc@cisco.com.
22-21
Cisco MDS 9000 Family Fabric Manager Configuration Guide
OL-6965-03, Cisco MDS SAN-OS Release 2.x
Chapter 22 FICON Configuration
Fabric Binding Configuration
Port-level checking for xE-ports
•switch login uses both port binding as well as the fabric binding feature for a given VSAN.
•Binding checks are done on the port VSAN:
–
E-port security binding check is done on port VSAN.
–
TE-port security binding check is done in each allowed VSAN.
While port security complements fabric binding, they are independent features and can be enabled or
disabled separately.
Fabric Binding Enforcement
To enforce fabric binding, configure the switch world wide name (sWWN) to specify the xE port
connection for each switch. Enforcement of fabric binding policies are done on every activation and
when the port tries to come up. However, enforcement of fabric binding at the time of activation happens
only if the VSAN is a FICON VSAN. The fabric binding feature requires all sWWNs connected to a
switch and their persistent domain IDs to be part of the fabric binding active database.
To configure fabric binding in each switch in the fabric, follow these steps.
Step 1 Enable the fabric configuration feature.
Step 2 Configure a list of sWWNs and their corresponding domain IDs for devices that are allowed to access
the fabric.
Step 3 Activate the fabric binding database.
Step 4 Save the fabric binding configuration.
Step 5 Verify the fabric binding configuration.
Enabling Fabric Binding
The fabric binding feature must be enabled in each switch in the fabric that participates in the fabric
binding. By default, this feature is disabled in all switches in the Cisco MDS 9000 Family. The
configuration and verification commands for the fabric binding feature are only available when fabric
binding is enabled on a switch. When you disable this configuration, all related configurations are
automatically discarded.
User defines specific switches that are allowed to
connect to the fabric, regardless of the physical
port to which the peer switch is connected.
User specifies the specific physical port(s) to which
another device can connect.
Does not learn logging in switches. Learns about switches or devices if in learning
mode.
Table 22-2 Fabric Binding and Port Security Comparison (continued)
Fabric Binding Port Security