Deployment Guide

Admin Domain interactions with other Fabric OS features
The Admin Domain feature provides interaction with other Fabric OS features and across third-party
applications. You can manage Admin Domains with Web Tools as well as the CLI. If the current Admin
Domain owns the switch, you can perform Fabric Watch operations.
Admin Domain interactions do not extend to user session tunneling across switches. A user logged in to
a switch can control only the local switch ports as specified in the Admin Domain.
When the fabric is in secure mode, the following restrictions apply:
- There is no support for ACL configuration under each Administrative Domain.
- ACL configuration commands are allowed only in AD0 and AD255. None of the policy configurations are validated with AD membership.
The following table lists some of the Fabric OS features and considerations that apply when using
Admin Domains.
TABLE 85 Admin Domain interaction with Fabric OS features

| Fabric OS feature | Admin Domain interaction |
|---|---|
| ACLs | If no user-defined Admin Domains exist, you can run ACL configuration commands in only AD0 and AD255. If any user-defined Admin Domains exist, you can run ACL configuration commands only in AD255. You cannot use ACL configuration commands or validate ACL policy configurations against AD membership under each Admin Domain. |
| Advanced Performance Monitoring (APM) | All APM-related filter setup and statistics viewing is allowed only if the local switch is part of the current Admin Domain. |
| Configuration upload and download | Refer to Configuration upload and download in an AD context on page 470 for details. |
| Fabric Watch | Fabric Watch configuration operations are allowed only if the local switch is part of the current Admin Domain. |
| FC-FC Routing Service | You can create LSAN zones as a physical fabric administrator or as an individual AD administrator. The LSAN zone can be part of the root zone database or the AD zone database. FCR collects the LSAN zones from all ADs. If both edge fabrics have matching LSAN zones and both devices are online, FCR triggers a device import. LSAN zone enforcement in the local fabric occurs only if the AD member list contains both of the devices (local and imported devices) specified in the LSAN zone. To support legacy applications, WWNs are reported based on the AD context using NAA=5. As a result, you cannot use the NAA=5 field alone in the WWN to detect an FC router. |
| FDMI | FDMI operations are allowed only in AD0 and AD255. |
| FICON | Admin Domains support FICON. However, you must perform additional steps because FICON management requires additional physical control of the ports. You must set up the switch as a physical member of the FICON AD. Device Connection Control (DCC) and Switch Connection Control (SCC) policies are supported only in AD0 and AD255, because ACL configurations are supported only in AD0 and AD255. |
Fabric OS Administrators Guide 467
53-1003130-01