Showing results for 
Search instead for 
Did you mean: 
Robert Burns
Cisco Employee

>>Default Zoning Users - Heads Up for UCSM 2.1 <<

Wanted to give everyone a heads up on a nasty caveat before anyone gets nailed by this.


Default/Open zoning was supported in version prior to UCSM 2.1.  In the storage world this is known as IMPLICIT PERMIT. Default zoning was used to allow the direct connection of storage devices to the Fabric Interconnects. For direct connect devices we also allowed for zoning to be pushed from an upstream storage switch.  The only "supported" use of direct attach FC storage required an upstream SAN switch. Even with an upstream SAN switch to provide the zoning configuration, default zoning was still possible.

As of UCSM 2.1 all default/open zoning is changed to IMPLICIT DENY.  No more default zoning since there's now the ability to do FC zoning on the FI in the latest version.  There's risk of loss to storage access if using open zoning and then upgrading to UCSM 2.1 or later.


If you're using default/open zoning, you will need reconfigure your system & hosts and disable it prior to upgrading to UCSM 2.1 to avoid any operational impact.  Once upgraded you can leverage the new FC zoning feature to create 1:1 zones for Iniators & Targets.

This is clearly called out in the UCSM 2.1 Release notes, however want to give an extra heads up to minimize exposure/risk to customers:

<<Release Notes Snippet>>

The  Open Zoning feature has been removed from UCS version 2.1.1a.  If the  Open Zoning option is currently set to ALLOW in UCS prior to 2.1.1a and  Zoning NOT used for storage access, upgrading to 2.1.1a will  automatically modify the Open Zoning setting to DENY, resulting in a  loss of ALL storage access.  Do not upgrade to 2.1.1a if the current  storage access is dependent on the Open Zoning feature.

If you have any quesitons, let us know.



Daniel Andryszak

I currently running release 2.0.3a using direct attached FCoE to EMC CLARiiON CX4-120.

Since I don't have any zoning at this point, will upgrading to 2.1.1 cause an issue with stroage connectivity?

No. Direct attach Ethernet/FCoE ports will not be affected.



Thanks for the breakdown of this Rob!

Sent from Cisco Technical Support iPad App


Hi Robert,

Sorry if this is an old thread.

We are (still) running 1.4(1j), using direct-attached storage, 6120XPs set to "FC Switching Mode", and a VSAN setup as "dual" with default zoning enabled. We really need to upgrade, because we are seeing spurrious FAN Temp errors almost daily, and also because we have purchased a new B200-M3 blade that likely has up-level firmware. We were originally thinking of upgrading to 2.1(3a), but the zoning issue has us worried, since we can't afford any major system interruption this year. If we delay the 2.1 upgrade, and migrate to 2.0(5e) instead, will the upgrade be significantly easier and less risky? Will we be forced to change any zone configuration?

If we do delay the 2.1 upgrade, are there any strategies that might help smooth the procedure as far as the defult zoning is concerned? Can we change some configuration while under 2.0 so that we can minimize issues for the 2.1 upgrade, or is the UCS-based zoning not introduced until 2.1?

Thanks for any insight.


Content for Community-Ad