GROUP ZONING AND ACCESS CONTROL OVER A NETWORK
Abstract
Example implementations relate to hard zoning capabilities for devices using Internet small computer system interface (iSCSI) protocol. For example, a method includes creating a virtual local area network (VLAN) at an Ethernet switch between an initiator and target adapter. The method includes assigning an access control list (ACL) to the VLAN. The method includes segregating a device of a plurality of devices connected to the SAN into a zone group. The method also includes controlling access of a zone group based on the ACL and frame filtering.
27 Claims
1. A method, comprising:
- creating, at an Ethernet switch of a Storage Area Network (SAN) and based on a multicast request from a target, a virtual local area network (VLAN) between an initiator and an Internet Small Computer Systems Interface (iSCSI) target port of a target adapter;
- assigning an access control list (ACL) to the VLAN, wherein the ACL grants the initiator access to the iSCSI target port;
- segregating a device connected to the SAN into a zone group, the zone group corresponding to the ACL; and
- controlling access of the zone group based on the access control list and frame filtering.
Dependent claims: 2, 3, 4, 5, 6, 7, 8
9-15. (canceled)
16. A method for controlling access to a Storage Area Network (SAN), comprising:
- receiving, at a switch, a request to join an initiator to the SAN;
- receiving, at the switch, a request to join a target to the SAN;
- building, at the switch, a name server table comprising: an initiator list including the initiator; and a target list including the target;
- sending, from the switch and based on a command requesting the initiator list, a response including the initiator list;
- in response to receiving an Add Zone command, creating, at the switch, a Virtual Local Area Network (VLAN) between the initiator and an Internet Small Computer Systems Interface (iSCSI) port of the target; and
- assigning, at the switch, an access control list (ACL) to the VLAN.
Dependent claims: 17, 18, 19, 20, 21
22. A non-transitory, computer-readable medium including instructions that, when executed by a processor, cause the processor to:
- send, to a switch, a request to join a Storage Area Network (SAN) fabric;
- send, to the switch, a multicast announcement;
- send, to the switch, a command requesting an initiator list;
- receive, from the switch, a response including the initiator list, wherein the initiator list is based, in part, on the multicast announcement;
- map an initiator of the initiator list to a target Internet Small Computer Systems Interface (iSCSI) port of a target adapter;
- send, to the switch, a multicast command to add a zone to the SAN fabric based on the mapping between the initiator and the target iSCSI port; and
- receive, at the target iSCSI port, a frame from the initiator.
Dependent claims: 23, 24, 25, 26, 27
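The switch-side flow recited in claims 1 and 16 (join requests, name server table, Add Zone creating a VLAN with an ACL, then frame filtering) can be pictured with a small model. This is an added illustration, not code from the patent or any product; the class and method names, the VLAN numbering, the frame layout and the `iqn.example` names are assumptions, and the multicast transport is not modeled.

```python
# Simplified model of the switch-side flow in claims 1 and 16 (added example).
# Names, VLAN numbering and the frame layout are assumptions, not from the patent.
from dataclasses import dataclass

@dataclass(frozen=True)
class Frame:
    src: str     # initiator name
    dst: tuple   # (target name, iSCSI port label)
    vlan: int    # VLAN tag carried by the frame

class ZoningSwitch:
    def __init__(self, first_vlan=100):
        self.name_server = {"initiators": [], "targets": []}
        self.acl_by_vlan = {}   # VLAN id -> set of (initiator, target port) grants
        self._next_vlan = first_vlan

    def join(self, name, role):
        """Handle a join request; role is 'initiators' or 'targets'."""
        if name not in self.name_server[role]:
            self.name_server[role].append(name)

    def initiator_list(self):
        """Response to a command requesting the initiator list."""
        return list(self.name_server["initiators"])

    def add_zone(self, initiator, target, port):
        """Add Zone: create a VLAN for the pair and assign its ACL."""
        if initiator not in self.name_server["initiators"]:
            raise ValueError("unknown initiator")
        if target not in self.name_server["targets"]:
            raise ValueError("unknown target")
        vlan = self._next_vlan
        self._next_vlan += 1
        self.acl_by_vlan[vlan] = {(initiator, (target, port))}
        return vlan

    def forward(self, frame):
        """Frame filtering: default deny unless the VLAN's ACL grants the pair."""
        return (frame.src, frame.dst) in self.acl_by_vlan.get(frame.vlan, set())

def demo():
    sw = ZoningSwitch()
    sw.join("iqn.example:host-a", "initiators")   # constructed names
    sw.join("iqn.example:host-b", "initiators")
    sw.join("iqn.example:array-1", "targets")
    port = ("iqn.example:array-1", "p0")
    vlan = sw.add_zone("iqn.example:host-a", *port)
    return {
        "zoned": sw.forward(Frame("iqn.example:host-a", port, vlan)),
        "unzoned_host": sw.forward(Frame("iqn.example:host-b", port, vlan)),
        "wrong_vlan": sw.forward(Frame("iqn.example:host-a", port, vlan + 1)),
    }
```

In the model, a host that joined the fabric but was never zoned is dropped even when it tags its frame with the zone's VLAN, because the ACL is checked per VLAN and the default is deny.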
Specification