Fabric OS Administrator's Guide v7.0.0 (53-1002148-02, June 2011)

The switch configuration file can also be uploaded to the host for archiving and it can be
downloaded from the host to a switch in the fabric. See “Configuration file backup” on page 182,
“Configuration file restoration” on page 184, or the configUpload and configDownload commands
in the Fabric OS Command Reference for additional information on uploading and downloading the
configuration file.
Security and zoning
Zones provide controlled access to fabric segments and establish barriers between operating
environments. They isolate systems with different uses, protecting individual systems in a
heterogeneous environment; for example, when zoning is in secure mode, no merge operations
occur.
Brocade Advanced Zoning is configured on the primary Fabric Configuration Server (FCS). The
primary FCS switch makes zoning changes and other security-related changes. The primary FCS
switch also distributes zoning to all other switches in the secure fabric. All existing interfaces can
be used to administer zoning.
You must perform zone management operations from the primary FCS switch using a zone
management interface, such as Telnet or Web Tools. You can alter a zone database, provided you
are connected to the primary FCS switch.
When two secure fabrics join, the traditional zone merge does not occur. Instead, a zone database
is downloaded from the primary FCS switch of the merged secure fabric. When E_Ports are active
between two switches, the name of the FCS server and a zoning policy set version identifier are
exchanged between the switches. If the views of the two secure fabrics are the same, the fabric’s
primary FCS server downloads the zone database and security policy sets to each switch in the
fabric. If there is a view conflict, the E_Ports are segmented due to incompatible security data.
All zones should use frame-based hardware enforcement; the best way to do this is to use WWN
identification exclusively for all zoning configurations.
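The following audit sketch is an added example, not code from the guide or from Fabric OS: it flags zone members that are not identified by WWN, so that a saved zone listing can be checked against the recommendation above. The one-zone-per-line input layout, the domain,port and alias member forms it tests for, and the sample zone names and WWNs are assumptions constructed for illustration.

```python
import re

# Constructed sample listing (assumed layout: "zone: <name> <member>; <member>").
# Not captured from a real switch.
SAMPLE_ZONES = """\
zone: db_zone 10:00:00:05:1e:aa:bb:01; 10:00:00:05:1e:aa:bb:02
zone: backup_zone 1,4; 10:00:00:05:1e:aa:bb:03
zone: legacy_zone 2,7; 2,8
zone: app_zone app_hba_alias; 10:00:00:05:1e:aa:bb:04
"""

WWN_RE = re.compile(r"^[0-9a-fA-F]{2}(:[0-9a-fA-F]{2}){7}$")  # 8 hex bytes
PORT_RE = re.compile(r"^\d+,\d+$")  # assumed domain,port member form


def classify_member(member):
    """Return 'wwn', 'port' or 'alias' for one zone member string."""
    if WWN_RE.match(member):
        return "wwn"
    if PORT_RE.match(member):
        return "port"
    # Anything else is treated as an alias; it must be resolved to its
    # own members before the zone can be called WWN-only.
    return "alias"


def audit_zones(text):
    """Map each zone name to its members that are not WWN-identified."""
    findings = {}
    for line in text.splitlines():
        line = line.strip()
        if not line.startswith("zone:"):
            continue
        parts = line[len("zone:"):].split(None, 1)
        if len(parts) != 2:  # zone line with no members listed
            continue
        name, members = parts
        flagged = [(m, classify_member(m))
                   for m in (x.strip() for x in members.split(";"))
                   if m and classify_member(m) != "wwn"]
        if flagged:
            findings[name] = flagged
    return findings


if __name__ == "__main__":
    for zone, members in audit_zones(SAMPLE_ZONES).items():
        for member, kind in members:
            print(f"{zone}: {member} ({kind}) is not WWN-identified")
```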
Zone merging
When a new switch is added to the fabric, it automatically takes on the zone configuration
information from the fabric. You can verify the zone configuration on the switch using the procedure
described in “Viewing the configuration in the effective zone database” on page 261.
If you are adding a switch that is already configured for zoning, clear the zone configuration on that
switch before connecting it to the zoned fabric. See “Clearing all zone configurations” on page 262
for instructions.
Adding a new fabric that has no zone configuration information to an existing fabric is very similar
to adding a new switch. All switches in the new fabric inherit the zone configuration data. If the
existing fabric has an effective zone configuration, then the same configuration becomes the
effective configuration for the new switches.