About Fabric Binding
S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m
Table 40-1
Fabric Binding
Uses a set of sWWNs and a persistent domain
ID.
Binds the fabric at the switch level.
Authorizes only the configured sWWN stored in
the fabric binding database to participate in the
fabric.
Requires activation on a per VSAN basis.
Allows specific user-defined switches that are
allowed to connect to the fabric, regardless of the
physical port to which the peer switch is
connected.
Does not learn about switches that are logging in. Learns about switches or devices that are logging in
Cannot be distributed by CFS and must be
configured manually on each switch in the
fabric.
Port-level checking for xE ports is as follows:
•
•
While port security complements fabric binding, they are independent features and can be enabled or
disabled separately.
Fabric Binding Enforcement
To enforce fabric binding, configure the switch world wide name (sWWN) to specify the xE port
connection for each switch. Enforcement of fabric binding policies are done on every activation and
when the port tries to come up. In a FICON VSAN, the fabric binding feature requires all sWWNs
connected to a switch and their persistent domain IDs to be part of the fabric binding active database. In
a Fibre Channel VSAN, only the sWWN is required; the domain ID is optional.
Note
All switches in a Fibre Channel VSAN using fabric binding must be running Cisco MDS SAN-OS
Release 3.0(1) and NX-OS 4.1(1b) or later.
Cisco MDS 9000 Family CLI Configuration Guide
40-2
Fabric Binding and Port Security Comparison
The switch login uses both port security binding and fabric binding for a given VSAN.
Binding checks are performed on the port VSAN as follows:
E port security binding check on port VSAN
–
TE port security binding check on each allowed VSAN
–
Chapter 40
Port Security
Uses pWWNs/nWWNs or fWWNs/sWWNs.
Binds devices at the interface level.
Allows a preconfigured set of Fibre Channel
devices to logically connect to a SAN ports. The
switch port, identified by a WWN or interface
number, connects to a Fibre Channel device (a host
or another switch), also identified by a WWN. By
binding these two devices, you lock these two ports
into a group (or list).
Requires activation on a per VSAN basis.
Allows specific user-defined physical ports to
which another device can connect.
if learning mode is enabled.
Can be distributed by CFS.
OL-18084-01, Cisco MDS NX-OS Release 4.x
Configuring Fabric Binding