Cisco Nexus 5000 Series Switch Fabric Manager Software Configuration Guide, NX-OS 4.0 (OL-16598-01, June 2008)

Chapter 25 Configuring Fabric Binding
Information About Fabric Binding
Port Security Versus Fabric Binding
Port security and fabric binding are two independent features that can be configured to complement each
other. Table 25-1 compares the two features.
Port-level checking for xE ports is as follows:
- The switch login uses both port security binding and fabric binding for a given VSAN.
- Binding checks are performed on the port VSAN as follows:
  - E port security binding check on port VSAN
  - TE port security binding check on each allowed VSAN
While port security complements fabric binding, they are independent features and can be enabled or
disabled separately.
Fabric Binding Enforcement
To enforce fabric binding, configure the switch world wide name (sWWN) to specify the xE port
connection for each switch. Fabric binding policies are enforced on every activation and
whenever a port tries to come up. For a Fibre Channel VSAN, the fabric binding feature requires all
sWWNs connected to a switch to be part of the fabric binding active database.
Table 25-1 Fabric Binding and Port Security Comparison

| Fabric Binding | Port Security |
|---|---|
| Uses a set of sWWNs and a persistent domain ID. | Uses pWWNs/nWWNs or fWWNs/sWWNs. |
| Binds the fabric at the switch level. | Binds devices at the interface level. |
| Authorizes only the configured sWWN stored in the fabric binding database to participate in the fabric. | Allows a preconfigured set of Fibre Channel devices to logically connect to a SAN port. The switch port, identified by a WWN or interface number, connects to a Fibre Channel device (a host or another switch), also identified by a WWN. By binding these two devices, you lock these two ports into a group (or list). |
| Requires activation on a per VSAN basis. | Requires activation on a per VSAN basis. |
| Allows specific user-defined switches that are allowed to connect to the fabric, regardless of the physical port to which the peer switch is connected. | Allows specific user-defined physical ports to which another device can connect. |
| Does not learn about switches that are logging in. | Learns about switches or devices that are logging in if learning mode is enabled. |
| Cannot be distributed by CFS and must be configured manually on each switch in the fabric. | Can be distributed by CFS. |
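
The following Python sketch is an added illustration, not part of the Cisco guide and not switch code. It models the xE port login checks described in this section: fabric binding at the switch level, port security at the interface level, evaluated on the port VSAN for E ports and on each allowed VSAN for TE ports. All WWNs, interface names and VSAN numbers are constructed, and it assumes that a VSAN absent from a database means the feature is not activated on that VSAN.

```python
"""Simplified model of xE port login checks (constructed sample data)."""

# Fabric binding active database: VSAN -> authorized sWWNs (switch level).
# Assumption: a VSAN missing here means fabric binding is not activated on it.
FABRIC_DB = {
    10: {"20:00:00:11:22:33:44:01", "20:00:00:11:22:33:44:02"},
    20: {"20:00:00:11:22:33:44:01"},
}

# Port security active database: VSAN -> {local interface -> allowed peer sWWNs}.
# Assumption: a VSAN missing here means port security is not activated on it.
PORT_SECURITY_DB = {
    10: {"fc2/1": {"20:00:00:11:22:33:44:01"},
         "fc2/2": {"20:00:00:11:22:33:44:02"}},
}


def vsans_to_check(port_mode, port_vsan, allowed_vsans=()):
    """E ports are checked on the port VSAN, TE ports on each allowed VSAN."""
    if port_mode == "E":
        return [port_vsan]
    if port_mode == "TE":
        return sorted(allowed_vsans)
    raise ValueError(f"not an xE port mode: {port_mode!r}")


def check_login(interface, port_mode, peer_swwn, port_vsan, allowed_vsans=()):
    """Return (vsan, feature) violations; an empty list means no check failed."""
    peer = peer_swwn.lower()
    violations = []
    for vsan in vsans_to_check(port_mode, port_vsan, allowed_vsans):
        # Fabric binding: switch-level, independent of the physical port.
        if vsan in FABRIC_DB and peer not in FABRIC_DB[vsan]:
            violations.append((vsan, "fabric-binding"))
        # Port security: interface-level, peer must be bound to this port.
        if vsan in PORT_SECURITY_DB:
            if peer not in PORT_SECURITY_DB[vsan].get(interface, set()):
                violations.append((vsan, "port-security"))
    return violations


if __name__ == "__main__":
    # Authorized switch cabled to a different port: only port security objects.
    print(check_login("fc2/2", "E", "20:00:00:11:22:33:44:01", 10))
```

A peer that is authorized fabric-wide but connected to an interface it is not bound to fails only the port security check, which is the practical difference between the two columns of Table 25-1.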