Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
5197
Views
10
Helpful
5
Replies

Zoning and Zoneset creation with Cisco MDS 9148

Go to solution
MSL
Level 1
Level 1

‎09-24-2017 01:53 AM - edited ‎03-01-2019 06:15 AM

Hi

 

We used to work with Brocade in GUI interface and alo there were no concept of VSAN. With UCS and MDS we are creating teh zones, zoneset and looking for soem guidance

 

#show flogi database -> shows all wwns for the connected devices, do we have any other comnmands to check connected wwns?

Do we need to create both device-alias and fcalias for each wwns?

By default all connected device's wwns will be in default VSAN 1, so if we use default VSAN 1 with UCS means there is no need for the creation of zoning and zoneset and does this allow access between all nodes and sotrage?

#zone name <name> VSAN <> -> with each zone we add all storage wwns and blade wwns for correspomngd VSAN

#zoneset name <> vsan <> -> alll zones will be added for corresponding VSAN to this zoneset. Once we addd new zones do we need to active the zoneset each time?

Once we created new zone, zoneset with a new VSAN what to do with earlier created / automatically added wwns to default VSAN / zone / zoneset?

Is there any GUI available for MDS, so it will be easier to configure & manage all zones same as Brocade switches.

How can we take a backup of MDS before making any changes?

Do we need to enable smart-zoning? Each SAN switch is configured with different set of VSANs

 

Thanks in advance

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Walter Dey
VIP Alumni
VIP Alumni
In response to MSL

‎09-25-2017 09:34 AM - edited ‎09-25-2017 09:41 AM

see inline

Q. Do we need to create both device-alias and fcalias for each wwns?

You do either device-alias OR fcalias; however, I would recommend device alias

 see eg. http://lejyphilip.blogspot.ch/2012/08/dfference-between-fcalias-device-alias.html

 

Q. If we go with default VSAN, then is it required to do zoning / zoneset to communicate all connected devices?

 Never use default VSAN wich is VSAN 1; remember any port (physical, port-channel, logical) is in a VSAN; and by default they are in VSAN 1.

Zoning has to be done per VSAN; eg. if you have 2 VSAN's 100, 200; the some end devices are doing flogi in VSAN 100 others in 200; and you do separate zoning for VSAN 100 and 200; means, you have a active zoneset for each VSAN.

 

Q. Do we need to enable smart-zoning? Each SAN switch is configured with different set of VSANs

see eg. https://www.cisco.com/c/dam/en/us/products/collateral/storage-networking/mds-9100-series-multilayer-fabric-switches/at_a_glance_c45-708533.pdf

https://www.cisco.com/c/en/us/support/docs/storage-networking/zoning/116390-technote-smartzoning-00.html

Smart zoning is a optimization, if you have very big zones ! 

The alternative is Single Initiator (or Single-Init, Single-Target) zones, but in large environments, the creation of all these separate zones is a big operational overhead.

 

Q. We didn't find command to device alias in enhanced mode, can you please help? 

CLI: device-alias mode enhanced

see https://www.cisco.com/c/en/us/td/docs/switches/datacenter/mds9000/sw/nx-os/configuration/guides/fabric/fabric_cli_4_2_published/cli_fabric/ddas.pdf

 Device alias supports two modes: basic and enhanced mode.

• When device alias runs in the basic mode, all applications function like the applications on the 3.0 switches. When you configure the basic mode using device aliases, the application immediately expands to pWWNs. This operation continues until the mode is changed to enhanced.

 

• When device alias runs in the enhanced mode, all applications accept the device-alias configuration in the native format. The applications store the device alias name in the configuration and distribute it in the device alias format instead of expanding to pWWN. The applications track the device alias database changes and take actions to enforce it.

 

When the device alias mode is changed from basic to enhanced mode, the applications are informed about the change.

The applications start accepting the device alias-based configuration in the native format.

 

Note Because the device alias was previously running in the basic mode, the applications do not have any prior native device alias configuration.

 

The applications check for an exisiting device alias cofiguration in the native format. If the device alias is in the native format, the applications reject the request and device alias mode cannot be changed to basic.

All native device alias configurations (both on local and remote switches) must be explicitly removed, or all device alias members must be replaced with the corresponding pWWN before changing the mode back to basic.

The process can be automated using the force option. Use the no device-alias mode enhanced force command to enable applications to automatically replace all device alias members with the corresponding pWWNs. If a device alias member does not have a corresponding pWWN mapping in the device alias database, the configuration will be removed.

View solution in original post

5 Replies 5

Go to solution
MSL
Level 1
Level 1
In response to Walter Dey

‎09-25-2017 05:40 AM

Thank You Walter. Still doubt on below points

 

Q. Do we need to create both device-alias and fcalias for each wwns?

 

Q. If we go with default VSAN, then is it required to do zoning / zoneset to communicate all connected devices?

 

Q. Do we need to enable smart-zoning? Each SAN switch is configured with different set of VSANs

 

Q. We didn't find command to device alias in enhanced mode, can you please help?

 

Thank You

0 Helpful

Go to solution
Walter Dey
VIP Alumni
VIP Alumni
In response to MSL

‎09-25-2017 09:34 AM - edited ‎09-25-2017 09:41 AM

see inline

Q. Do we need to create both device-alias and fcalias for each wwns?

You do either device-alias OR fcalias; however, I would recommend device alias

 see eg. http://lejyphilip.blogspot.ch/2012/08/dfference-between-fcalias-device-alias.html

 

Q. If we go with default VSAN, then is it required to do zoning / zoneset to communicate all connected devices?

 Never use default VSAN wich is VSAN 1; remember any port (physical, port-channel, logical) is in a VSAN; and by default they are in VSAN 1.

Zoning has to be done per VSAN; eg. if you have 2 VSAN's 100, 200; the some end devices are doing flogi in VSAN 100 others in 200; and you do separate zoning for VSAN 100 and 200; means, you have a active zoneset for each VSAN.

 

Q. Do we need to enable smart-zoning? Each SAN switch is configured with different set of VSANs

see eg. https://www.cisco.com/c/dam/en/us/products/collateral/storage-networking/mds-9100-series-multilayer-fabric-switches/at_a_glance_c45-708533.pdf

https://www.cisco.com/c/en/us/support/docs/storage-networking/zoning/116390-technote-smartzoning-00.html

Smart zoning is a optimization, if you have very big zones ! 

The alternative is Single Initiator (or Single-Init, Single-Target) zones, but in large environments, the creation of all these separate zones is a big operational overhead.

 

Q. We didn't find command to device alias in enhanced mode, can you please help? 

CLI: device-alias mode enhanced

see https://www.cisco.com/c/en/us/td/docs/switches/datacenter/mds9000/sw/nx-os/configuration/guides/fabric/fabric_cli_4_2_published/cli_fabric/ddas.pdf

 Device alias supports two modes: basic and enhanced mode.

• When device alias runs in the basic mode, all applications function like the applications on the 3.0 switches. When you configure the basic mode using device aliases, the application immediately expands to pWWNs. This operation continues until the mode is changed to enhanced.

 

• When device alias runs in the enhanced mode, all applications accept the device-alias configuration in the native format. The applications store the device alias name in the configuration and distribute it in the device alias format instead of expanding to pWWN. The applications track the device alias database changes and take actions to enforce it.

 

When the device alias mode is changed from basic to enhanced mode, the applications are informed about the change.

The applications start accepting the device alias-based configuration in the native format.

 

Note Because the device alias was previously running in the basic mode, the applications do not have any prior native device alias configuration.

 

The applications check for an exisiting device alias cofiguration in the native format. If the device alias is in the native format, the applications reject the request and device alias mode cannot be changed to basic.

All native device alias configurations (both on local and remote switches) must be explicitly removed, or all device alias members must be replaced with the corresponding pWWN before changing the mode back to basic.

The process can be automated using the force option. Use the no device-alias mode enhanced force command to enable applications to automatically replace all device alias members with the corresponding pWWNs. If a device alias member does not have a corresponding pWWN mapping in the device alias database, the configuration will be removed.

Go to solution
MSL
Level 1
Level 1
In response to Walter Dey

‎09-26-2017 09:59 AM - edited ‎09-26-2017 10:15 AM

Thank You Walter

 

  • We configured device aliases and decided to go with that, but if we go with fcalias will it give any addtional benift in terms of security?
  • Regarding VSAN:- Initially we thorught we have to mention VSAN just with zone, zoneset (and with fcalias if we use it), later once we go through your reply we noticed "remember any port (physical, port-channel, logical) is in a VSAN". This means in addition to zone/zoneset we need to change the VSAN for all ports (physical, virtual, UCS FI uplink port on MDS, storage port etc) from default VSAN1 to the one we configred, am I correct?

Just for my understanding asking one doubt:- if we go with default VSAN, then is it required to configure zone & zoneset to allow communication between server wwn & storage wwn, our understanding is it allows access without any issue and we can use such scenario in non-production environment.

  • As per your explanation, there is no need for smart-zoning in our environment because we have only a limited number pf devices connected. You mentioned “Single Initiator (or Single-Init, Single-Target) zones”. Does this mean, suppose if we have 4 targets (our storage has 4 connections to SAN switch), then we have to configure 4 zones with server / initiator wwn and each one of the 4 wwn’s of the storage / target, is it correct? (usually we used to configure a zone with single initiator (server HBA wwwn) and put all the 4 targets in a single zone).
  • Thank you for the command to make the device alias in enhanced mode and we configured it.
  • For GUI nbased management, are you talking about Device Manager and Fabric Manager
0 Helpful

Go to solution
Walter Dey
VIP Alumni
VIP Alumni
In response to MSL

‎09-26-2017 11:07 AM

  • We configured device aliases and decided to go with that, but if we go with fcalias will it give any addtional benift in terms of security?

There is no difference in security; one major issue: fcalias is per VSAN, device-alias are global, across all VSAN's.

 

  • Regarding VSAN:- Initially we thorught we have to mention VSAN just with zone, zoneset (and with fcalias if we use it), later once we go through your reply we noticed "remember any port (physical, port-channel, logical) is in a VSAN". This means in addition to zone/zoneset we need to change the VSAN for all ports (physical, virtual, UCS FI uplink port on MDS, storage port etc) from default VSAN1 to the one we configred, am I correct?

Correct ! But I would fix it, and become compliant to best practise

 

Just for my understanding asking one doubt:- if we go with default VSAN, then is it required to configure zone & zoneset to allow communication between server wwn & storage wwn, our understanding is it allows access without any issue and we can use such scenario in non-production environment.

 

Correct ! everything works with default VSAN, but its not best practise !

 

  • As per your explanation, there is no need for smart-zoning in our environment because we have only a limited number pf devices connected. You mentioned “Sing
  • le Initiator (or Single-Init, Single-Target) zones”. Does this mean, suppose if we have 4 targets (our storage has 4 connections to SAN switch), then we have to configure 4 zones with server / initiator wwn and each one of the 4 wwn’s of the storage / target, is it correct? (usually we used to configure a zone with single initiator (server HBA wwwn) and put all the 4 targets in a single zone).

Correct ! but all storage vendors (EMC, HP, Netapp,...) recommend single initiator - single target zoning.

 

  • For GUI nbased management, are you talking about Device Manager and Fabric Manager

DCNM-SAN Server is a platform for advanced MDS monitoring, troubleshooting, and configuration capabilities. DCNM-SAN Server provides centralized MDS management services and performance monitoring.

0 Helpful
Customers Also Viewed These Support Documents