Fibre Channel (SAN)

Reply
New Contributor
Posts: 2
Registered: ‎07-14-2009

NPIV and Device Connection Control

Hi,

is it possible to use NPIV while having DCC enabled?

Here's the scenario:

- two SAN-fabrics, each of them made up of three Brocade 48000 running FabricOS 6.2.1b

- Administrative Domains enabled (affected servers are in AD0 only)

- NPIV enabled on all ports

- DCC enabled and policies active for all ports

Everything works fine as long as only one "physical" WWN is used per DCC.

NPIV-WWNs can be added to a DCC (single DCC with switch port plus "physical" WWN plus NPIV-WWNs or separate DCCs for physical + NPIV-WWNs), but when the NPIV-WWN tries to login to the switch, it is not granted access (Security violation: Unauthorized device xx:xx:xx:xx:xx:xx:xx:xx tries to flogin to port yy).

Thanks&kind regards,

Daniel

Valued Contributor
Posts: 931
Registered: ‎12-30-2009

Re: NPIV and Device Connection Control

With NPIV there's no FLOGI for virtuals. The virtual does an FDISC instead.

That might explain your sec access violation.

I'm not sure is there's a workaround which allows you to have the physical and virtual wwn's in a policy.

@@@update@@@

Found some information regardin security policies and as I understand it it wors as follows.

The switch will check the device against the DCC ACL after the FLOGI.

With NPIV you'll have and FDISC and PLOGI etc. at initialization but not an FLOGI thus access is denied.

Join the Community

Get quick and easy access to valuable resource designed to help you manage your Brocade Network.