Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2160
Views
0
Helpful
6
Replies

read-only zoning with MDS Switch

mlwilliamson
Level 1
Level 1

‎01-12-2012 03:54 AM

I am trying to understand read only zoning - particularly this statement in the MDS 9000 Guide:

"If two members belong to a read-only zone and to a read-write zone, the read-only zone takes priority and write access is denied."

What I am wanting to do is this - I have ESXi servers that are zoned to see my storage ports on my SAN, now I want to zone a Windows server to see those same storage ports on the SAN so that it can read those LUN's and perform backups of them. I want the Windows server to see them as read-only though. I am not sure how to interpret the statement above - does it mean that since my storage ports are in multiple zones where they are normally read-write but now they are also in a zone where they are read-only that they will only by read-only in all zones? That doesn't seem like it should work that way but I have never configured a read-only zone so I don't really understand.

Labels:
0 Helpful
6 Replies 6

maminhas
Level 1
Level 1

‎01-12-2012 01:17 PM

If you have same pwwn on both zones.one with read-write & other with read-only,  less privilige takes priority.

there is a LUN bases zoning feautre also on MDS (both read-only and Lun-based-zoning requires Enterprise License)

take a look on the complete requirements of Read-only zones and Lun based zoning

http://www.cisco.com/en/US/docs/switches/datacenter/mds9000/sw/4_1/configuration/guides/cli_4_1/zone.html#wp1682388

0 Helpful

mlwilliamson
Level 1
Level 1
In response to maminhas

‎01-12-2012 01:33 PM

So that I am clear my two zones are below - the only difference in them is the first member (which is my ESX host) all the other members are the same storage ports on the same SAN. So in this case if Zone 1 is read-only and Zone 2 is default read-write does that mean that the storage ports would be read only in both zones?

Zone 1

WWN eva-mds1-sw fc7/12 eva2vmsnap-hba1 50:01:43:80:05:66:30:32 0x500024 [...]

WWN                    ybor-mds1-sw fc1/4          HP 50:00:1f:e1:50:1d:25:2e          50:00:1f:e1:50:1d:25:2e          0x6f0021                     [...]

WWN                    eva-mds1-sw fc1/4          eva8400-hsv1-fp1                              50:00:1f:e1:50:1d:25:18          0x500008                     [...]

WWN                    eva-mds1-sw fc2/8          eva8400-hsv1-fp3                              50:00:1f:e1:50:1d:25:1a          0x500009                     [...]

WWN                    eva-mds1-sw fc1/12          eva8400-hsv2-fp1                              50:00:1f:e1:50:1d:25:1c          0x500005                     [...]

WWN                    eva-mds1-sw fc2/11          eva8400-hsv2-fp3                              50:00:1f:e1:50:1d:25:1e          0x50000a                     [...]

WWN                    ybor-mds1-sw fc1/11          ybor8400-hsv1-fp1                              50:00:1f:e1:50:1d:25:28          0x6f001e                     [...]

WWN                    ybor-mds1-sw fc2/11          ybor8400-hsv1-fp3                              50:00:1f:e1:50:1d:25:2a          0x6f001f                     [...]

WWN                    ybor-mds1-sw fc3/11          ybor8400-hsv2-fp1                              50:00:1f:e1:50:1d:25:2c          0x6f0020                     [...]

Zone 2

WWN ybor-mds1-sw fc4/3 ybor10esx-hba1 50:01:10:a0:00:86:1e:1c 0x6f0003 [...]

WWN                    ybor-mds1-sw fc1/4          HP 50:00:1f:e1:50:1d:25:2e          50:00:1f:e1:50:1d:25:2e          0x6f0021                     [...]

WWN                    eva-mds1-sw fc1/4          eva8400-hsv1-fp1                              50:00:1f:e1:50:1d:25:18          0x500008                     [...]

WWN                    eva-mds1-sw fc2/8          eva8400-hsv1-fp3                              50:00:1f:e1:50:1d:25:1a          0x500009                     [...]

WWN                    eva-mds1-sw fc1/12          eva8400-hsv2-fp1                              50:00:1f:e1:50:1d:25:1c          0x500005                     [...]

WWN                    eva-mds1-sw fc2/11          eva8400-hsv2-fp3                              50:00:1f:e1:50:1d:25:1e          0x50000a                     [...]

WWN                    ybor-mds1-sw fc1/11          ybor8400-hsv1-fp1                              50:00:1f:e1:50:1d:25:28          0x6f001e                     [...]

WWN                    ybor-mds1-sw fc2/11          ybor8400-hsv1-fp3                              50:00:1f:e1:50:1d:25:2a          0x6f001f                     [...]

WWN                    ybor-mds1-sw fc3/11          ybor8400-hsv2-fp1                              50:00:1f:e1:50:1d:25:2c          0x6f0020                     [...]

0 Helpful

william.riley
Level 1
Level 1
In response to mlwilliamson

‎05-08-2014 11:49 AM

Did you ever get an answer to this ?

0 Helpful

mlwilliamson
Level 1
Level 1
In response to william.riley

‎05-09-2014 07:06 AM

Other than what was posted here no. I am assuming from the answer that was supplied that I could not accomplish what I needed. We were trying to implement Symantec Netbackup to backup our vm's and we have not moved forward yet. We are planning on doing it second half of this year and based on above we have two options - one, let the Symantec server (Windows) have read/write to the volumes and hope the backup administrator doesn't do something damaging or two, don't backup over the SAN and configure it for network based backups which doesn't require us to do the zoning.

0 Helpful

dynamoxxx
Level 5
Level 5
In response to mlwilliamson

‎05-21-2014 09:14 PM

could you backup array based snapshots of those LUNs, that way you can't accidentally harm the primary data.

@dynamoxxx
0 Helpful

Richard Siemers
Level 1
Level 1

‎06-19-2015 02:38 PM

I recently needed to implement something similar.  My take on it is that if you have 2 conflicting zones, with the same initiator and targets in them...  the some conflict resolution needs to happen... in this case the most restrictive (read-only) wins.    I wanted to test this, but activating the zoneset failed.

The error was Activation Failed on VSAN:x Reason: Unkown: 25, domain id:#

Long story short, MDS 5.0 and above have removed the read-only zoning feature.

 

 

 

0 Helpful
Customers Also Viewed These Support Documents