How to configure FC Zoning on a Cisco Nexus Switch

We will configure a Nexus Switch with FC Zoning for our SAN

Alt text

FC Zoning is used to allow traffic between your Storage and Computing Server. By default all devices are in a default zone which is set to deny any any. When we create a Zone we need the PWWN of the target and initiator.


In this configuration I created vsan 1000 and assigned the interface of the Storage Array and the interface of the ESXi Server to it. Also I also assigned a Domain ID statically to the Switch which is used to identify the Switch in a fabric with multiple Storage Switches.


We can verify that the Interfaces now belong to the vsan

N5K(config)# sh vsan 1000 membership
vsan 1000 interfaces:
    fc1/17            fc1/19

Alt text

I created a Zone and added the PWWN of the Storage Array and the ESXi Server to it. A Zoneset is a group of zones. In this example we only have one zone but you still need to create a Zoneset since we can only activate the Zoneset and not the Zone itself.


Here is the complete Config created on a Nexus 5000.

slot 1
  port 1-16 type ethernet
  port 17-32 type fc

vsan database
  vsan 1000
  vsan 1000 interface fc1/17
  vsan 1000 interface fc1/19

fcdomain domain 10 static vsan 1000

interface fc1/17
  no shutdown
interface fc1/19
  no shutdown

zone name ESXi_zone vsan 1000 
    member pwwn 21:00:00:24:ff:0e:ac:7f 
    member pwwn 21:00:00:24:ff:0f:05:0a

zoneset name ESXi vsan 1000
    member ESXi_zone
zoneset activate name ESXi vsan 1000

A fabric login session should now appear on the Nexus Switch.

N5K(config)# sh flogi database 
-----------------------------------------------------------------------
INTERFACE        VSAN    FCID       PORT NAME         NODE NAME       
-----------------------------------------------------------------------
fc1/17  1000  0x0a0000  21:00:00:24:ff:0f:05:0a 20:00:00:24:ff:0f:05:0a
fc1/19  1000  0x0a0020  21:00:00:24:ff:0e:ac:7f 20:00:00:24:ff:0e:ac:7f

We can verify that the zone is active and has our PWWNs.

N5K(config)# sh zone active 
zone name ESXi_zone vsan 1000
* fcid 0x0a0000 [pwwn 21:00:00:24:ff:0f:05:0a]
* fcid 0x0a0020 [pwwn 21:00:00:24:ff:0e:ac:7f]

Also we can verify on my ESOS Storage Array that we have an active Session with the Initiator of the ESXi Server.


Alt text

Thanks for reading my article. If you have any questions or recommendations you can message me via arvednetblog@gmail.com.