01-14-2011 03:47 AM
is it possible to use NPIV while having DCC enabled?
Here's the scenario:
- two SAN-fabrics, each of them made up of three Brocade 48000 running FabricOS 6.2.1b
- Administrative Domains enabled (affected servers are in AD0 only)
- NPIV enabled on all ports
- DCC enabled and policies active for all ports
Everything works fine as long as only one "physical" WWN is used per DCC.
NPIV-WWNs can be added to a DCC (single DCC with switch port plus "physical" WWN plus NPIV-WWNs or separate DCCs for physical + NPIV-WWNs), but when the NPIV-WWN tries to login to the switch, it is not granted access (Security violation: Unauthorized device xx:xx:xx:xx:xx:xx:xx:xx tries to flogin to port yy).
01-19-2011 01:48 AM
With NPIV there's no FLOGI for virtuals. The virtual does an FDISC instead.
That might explain your sec access violation.
I'm not sure is there's a workaround which allows you to have the physical and virtual wwn's in a policy.
Found some information regardin security policies and as I understand it it wors as follows.
The switch will check the device against the DCC ACL after the FLOGI.
With NPIV you'll have and FDISC and PLOGI etc. at initialization but not an FLOGI thus access is denied.