QLogic firmware: Initiators won't recognize targets during setup in some versions
Initiators may not automatically recognize targets initially connected to a QLogic 9000 or 5000 series switch. In Fibre switch terminology, hosts such as an Xserve or a Mac Pro workstation are known as initiators, while storage devices such as the Xserve RAID are known as targets.
Section 1: Discussion
QLogic has traditionally configured switches with an 'open' policy. That is, everything plugged into the switch was automatically a member of a shared orphan zone. An "orphan zone" allows any device, whether target or initiator, that is plugged into the switch to be visible to every other device plugged into the switch.
The QLogic SANbox 9000 series switch with firmware version 6.6.x or later and the QLogic SANbox 5000 series switch with firmware version 6.8 or later, unlike previous QLogic switches, do not have an orphan zone available by default. As a result, by default, no device has visibility to any other device connected to the switch until the switch is configured to have a zone or zones.
Section 2: Types of zones
Subsection 1: Orphan zone
An orphan zone, which allows every device connected to the switch to communicate with every other device on the switch, is inherently insecure. However, this type of zone is sufficient to address the security concerns of sites that intend to allow initiators full access to all targets.
To configure an orphan zone, follow these steps:
- Open Terminal and issue the following command:
$ telnet IP_Address
Replace IP_Address with the IP address assigned to the switch's Ethernet port. If you are not certain which IP address is assigned to the switch, reference the QLogic Installation Guide, downloadable from QLogic's website.
- Provide the login and password when prompted. If you are not certain which administrator name and password are assigned to the switch, reference the QLogic Installation Guide, which is downloadable from the QLogic website.
- Issue the following commands:
> admin start
> config edit
> set config zoning
After running this command, an interactive mode will begin. Select the following values to create an orphan zone:
- InteropAutoSave: Set this value to True.
- DefaultZone: Set this value to True.
- DiscardInactive: Set this value to False.
- Implicit Hard Zoning: Set this value to False.
- Enter these last two commands:
> config save
> config activate
This completes the creation and activation of an orphan zone.
Subsection 2: Security Zones
If it is necessary to control which specific initiators will have access to specific targets while excluding access to specific targets by specific initiators, zones need to be created. By default, the QLogic 9000 and 5000 series switches are configured to offer maximum security by restricting communications between all initiators and targets. An administrator's manual intervention is required to define which switch ports will be provided with or excluded from access to one another. For instructions on configuring zones, reference QLogic's QuickTools Switch Management User Guide or the Enterprise Fabric Suite 2007 User Guide, which are downloadable from QLogic's website.