Zoning Brocade switches: creating zones

I previously talked about creating aliases on Brocade switches, and am going to use this post to discuss zone creation. Zones allow you to control initiators and targets can see each other, which enhances security by limiting access to devices connected to the SAN fabric. As previously discussed, we can assign an alias to each initiator and target. Once an alias is assigned, we can create a zone and add these aliases to it. Brocade managed zones with the zone* commands, which are listed below for reference:

zoneadd – Add a member to an existing zone
zoneCopy – Copy an existing zone
zonecreate – Create a new zone
zoneDelete – Delete a zone
zoneRemove – Remove a one from the configuration
zoneRename – Rename a zone
zoneShow – Show the list of zones

To create a new zone, we can run the zonecreate command with the name of the zone to create, and the list of aliases to add to the zone:

Fabric1Switch1:admin> zonecreate “CentOSNode2Zone1”, “NevadaPort1; CentosNode2Port1”

Once the zone is created, we can view it with the zoneshow command:

Fabric1Switch1:admin> zoneshow “CentOSNode2Zone1”

 zone:	CentOSNode2Zone1	
		NevadaPort1; CentosNode2Port1

Now that we have a zone, we need to add it to the switch configuration and then enable that configuration. I will discuss that in more detail when I discuss managing Brocade configurations.

3 thoughts on “Zoning Brocade switches: creating zones”

  1. Cool writeup, thanks.

    This seems like as good a place as any to ask a conceptual question. I control which machines have access to which SAN resources through my various arrays and their web interfaces. Should zoning be used on top of that to add another layer of security to the SAN, or does it take the place of that? Or am I missing something?



Leave a Reply

Your email address will not be published. Required fields are marked *