Fibre Channel (SAN)

Reply
Occasional Contributor
oliverq
Posts: 17
Registered: ‎10-27-2008

Default Zone setting...

Is it disruptive to change the "default zone" setting?

Moderator
Antonio Bongiorno TechHelp24
Posts: 3,804
Registered: ‎02-23-2004

Re: Default Zone setting...

what you mean whit "default zone" setting?

change the Zone, or add a New Alias / Member in the active Zone ?

TechHelp24
Occasional Contributor
oliverq
Posts: 17
Registered: ‎10-27-2008

Re: Default Zone setting...

Okay,

The "Default Zone" mode can be found in the zoning policies and the two options are as follows:

Disable: No access

Enable: All access

The default zoning mode controls device access if zoning is not implemented or if there is no

effective zone configuration. The default zoning mode has two options:

We have implemented zoning but the mode hasn't been changed to "no access".  Will changing the setting be disruptive to our envronment?



Contributor
andy.woodward
Posts: 56
Registered: ‎09-14-2009

Re: Default Zone setting...

If you have an effective zone configuration, the "Default Zone" is not being utilized and there is no reason to change it. If you do re-enable the default zone with "No Access" it will be disruptive as no ports will be enabled.

Moderator
Antonio Bongiorno TechHelp24
Posts: 3,804
Registered: ‎02-23-2004

Re: Default Zone setting...

I understand a customer Defined Zone.

But your mean in the question the "defzone" command.

I believe ( i dont have any switch here, and cannot testthe command ) this command is generally Disruptive when --allaccess is set.

Here details from a CLI Manuals.



--

Sets the default zone access mode to All Access, initiates a zoning

transaction (if one is not already in progress), and deletes the reserved

zoning objects by performing the equivalent to the following zoning

commands:



                       cfgDelete "d_efault_Cfg"

                       zoneDelete "d_efault_Zone"



A cfgSave, cfgEnable, or cfgDisable command must be performed

subsequent to the use of this command to commit the changes and

distribute them to the fabric. If a cfgSave is performed and the fabric is

already in the No Access default zone state, a cfgDisable is sent to the fabric.

For example

:

primaryfcs:admin>

defzone --allaccess

primaryfcs:admin>



cfgsave

An audit log record is generated for each use of this command.

allaccess

TechHelp24
Occasional Contributor
oliverq
Posts: 17
Registered: ‎10-27-2008

Re: Default Zone setting...

Thanks for the heads-up!  Since we have zone configs in place, I don't think that we will force the issue with changing the setting...

Occasional Contributor
Daryl
Posts: 17
Registered: ‎09-20-2007

Re: Default Zone setting...

We have been happily creating Single Initiator Zoning for each server's HBA.  The goal is that any server that is NOT zoned gets NO ACCESS to the storage device on the SAN.  I was reading the Zoning best practices document and is suggests implementing "default zone --noaccess".  I checked my director's current setting and found that it is configured for "all access".  So, it appears to me that although we are creating zones, because the switch's default setting allows "all access" that our zoning is not as discrete as we thought.

If I issue the command "defzone --noaccess" will this affect my existing zones, or will it only affect those HBA's that are connected but not zoned?

Super Contributor
hemant_1
Posts: 425
Registered: ‎03-03-2010

Re: Default Zone setting...

The help defzone shows :

DS4800_B16_SW1:admin> help defzone

Administrative Commands                               defZone(1m)

NAME
     defZone - Activates or deactivates a default zone
     configuration

SYNOPSIS
     defzone

DESCRIPTION
     defzone
     This command sets the Default Zone access mode to No Access,
     initializes a zoning transaction (if one is not already in
     progress), and creates the reserved zoning objects
     equivalent to the following zoning commands:

             cfgCreate "d__efault__Cfg ", "d__efault__Zone"

             zoneCreate "d__efault__Zone",
                             "00:00:00:00:00:00:00:01"

     A cfgSave, cfgEnable, or cfgDisable command must be
     performed subsequent to the use of this command to commit
     the changes and distribute them to the fabric. For example,

             cfgSave
             defZone --noaccess

     An audit log record will be generated for each use of this
     command option.

     Once No Access default zoning is activated, the user may do
     either of the following:

     a. cfgDisable of the current effective zone configuration.
     In this case
        the local switch would convert the cfgDisable command to
     cfgEnable "d__efault__Cfg".

     b. cfgDisable.  When zoning receives a cfgDisable command
     from a remote switch that does not support default zoning,
     zoning will reject the cfgDisable command in the second
     phase of RCS because the remote switch does not convert the
     cfgDisable command to a "cfgEnable d__efault__Cfg" command.

     defzone
     This command sets the Default Zone access mode to All
     Access, initiates a zoning transaction (if one is not
     already in progress), and deletes the reserved zoning
     objects by doing the equivalent to the following zoning
     commands:

             cfgDelete "d__efault__Cfg "
             zoneDelete "d__efault__Zone"

Fabric OS                   2007-09-29                          1

Administrative Commands                               defZone(1m)

     A cfgSave, cfgEnable, or cfgDisable command must be
     performed subsequent to the use of this command to commit
     the changes and distribute them to the fabric.  If a cfgSave
     is performed and the fabric is already in the No Access
     Default Zone state, then a cfgDisable will be sent to the
     fabric. For example,

             defZone --allaccess
             cfgSave

     An audit log record will be generated for each use of this
     command option.

     defzone
     This command shows the current state of the Default Zone
     access mode.

NOTES
     This command requires a Brocade Advanced Zoning license.

     When security mode is enabled, this command can be issued
     only from the primary FCS switch.

     Names with the prefix "d__efault__" are reserved for default
     zoning use. No editing of those objects are permitted.

     cfgShow will not show the names of the default zone objects.

     If "d__efault__Cfg" is the effective zone configuration,
     then both cfgShow and cfgActvShow will not show
     "d__efault__Cfg" as the effective zone configuration.

EXAMPLES
     To create a default zone configuration:

       switch:admin> cfgActvShow

       Effective configuration:
        no configuration in effect

       switch:admin> defZone --noaccess

       switch:admin> cfgSave

       switch:admin> defZone --show

       Default Zone Access Mode
             committed - No Access
             transaction - No Transaction

=================================================================================================

so if you have an active configuration is there no need to do anything even if it is with all access, it does not have anything to do with defzone...so do not do anything like defzone --noaccess, it may  disruptive.

If you look at it I have done this and here is the answer:

DS4800_B16_SW1:admin> defzone --show
Default Zone Access Mode
        committed - All Access
        transaction - No Transaction
==========================================
DS4800_B16_SW1:admin> defzone --noaccess
You are about to set the Default Zone access mode to No Access
Do you want to set the Default Zone access mode to No Access ? (yes, y, no, n): y
DS4800_B16_SW1:admin> defzone --show
Default Zone Access Mode
        committed - All Access
        transaction - No Access
DS4800_B16_SW1:admin> defZone --show
Default Zone Access Mode
        committed - All Access
        transaction - No Access
DS4800_B16_SW1:admin> defZone --noaccess
You are about to set the Default Zone access mode to No Access
Do you want to set the Default Zone access mode to No Access ? (yes, y, no, n): y
duplicate name
DS4800_B16_SW1:admin> cfgsave
You are about to save the Defined zoning configuration. This
action will only save the changes on Defined configuration.
Any changes made on the Effective configuration will not
take effect until it is re-enabled.
Do you want to save Defined zoning configuration only?  (yes, y, no, n): y
Updating flash ...
DS4800_B16_SW1:admin> defZone --show
Default Zone Access Mode
       committed - No Access
        transaction - No Transaction

See the difference

  pls make the thread correct if you find it helpful

Occasional Contributor
Daryl
Posts: 17
Registered: ‎09-20-2007

Re: Default Zone setting...

Hemant,

Thanks for your reply.  I can see newly connected HBA's are connecting to my storage device without me zoning them.  I believe that this is due to the default zone setting currently set for "allaccess".  I want to stop this from happening.  I can not tell from the Brocade help text exactly what ramifications issuing the "--noaccess" command will have on my existing configuration/zoning.

When you did your test did you have existing zones?  Did they get deleted/modified?  Did the existing zones still work?

Thanks

Super Contributor
hemant_1
Posts: 425
Registered: ‎03-03-2010

Re: Default Zone setting...

hi,

Yes I had zones but no device was connected. after trying all commands, i was able to see the zones in effective config.in ur case i do not know exactly what has happened. how the devices are getting access to each other, normally it should no taccess unless they r defined in defined config and cfgsave.cfgenable for effective config.pls show me the zoneshow output here.

if u find the thread correct then pls make it correct

Join the Community

Get quick and easy access to valuable resource designed to help you manage your Brocade Network.