Zoning concepts
The following zoning concepts provide some context for the zoning tasks described in this section:
•Zones
•Aliases
•Zone sets
•Zoning database
•Zoning configuration
Zones
A zone is a named group of ports or devices that can communicate with each other. Membership in a zone is defined by port number, device Fibre Channel address, or device World Wide Name (WWN). Zone members can communicate only with members of the same zone. Zones can overlap
Three zone types are supported, but have restrictive levels of communication. These zone types are:
•Soft zone
•Access control list (ACL) - hard zone
•Virtual private fabric (VPF) - hard zone
Soft zoning
Soft zoning divides the fabric to control discovery. Members of the same soft zone automatically discover and communicate freely with all other members of the same zone. The soft zone boundary is not secure; traffic across soft zones can occur if addressed correctly. Soft zones that include members from multiple switch modules need not include the ports of the interswitch links. Soft zone boundaries yield to ACL and VPF zone boundaries. Soft zones can overlap
Access control list zones
Access control list (ACL) zoning divides the fabric to control discovery and inbound traffic. ACL zoning is a type of hard zoning that is hardware enforced. This type of zoning is useful for controlling access to certain devices without totally isolating them from the fabric. Members can communicate with each other and transmit outside the ACL zone but cannot receive inbound traffic from outside the zone. The ACL zone boundary is secure against inbound traffic. ACL zones can overlap
Virtual private fabric zones
Virtual private fabric (VPF) zoning divides the fabric for purposes of controlling discovery and both inbound and outbound traffic. This type of zoning is useful for providing security and reserving paths between devices to guarantee bandwidth. VPF zoning is a type of hard zoning that is hardware enforced. Members can transmit to and receive only from members of the same VPF zone. The VPF zone boundary is secure against both inbound and outbound traffic. VPF zones that include members from multiple switch modules must include the ports of the interswitch links. VPF zones cannot overlap
✏NOTE
Domain ID conflicts can result in automatic reassignment of switch module domain IDs. These reassignments are not reflected in zones that use domain ID and port number pairs or Fibre Channel addresses to define their membership. Be sure to reconfigure zones that are affected by a domain ID change. To prevent zoning definitions from becoming invalid when the membership is defined by domain ID/port number or Fibre Channel address, you must lock domain IDs.
89