WWN Zoning
• WWN zoning:
– Identifies each device in a specified zone by WWN
– Zones “follow” devices
– WWNs can be spoofed
– Easier to manage but slightly less secure
When WWN zoning is used:
Node WWPNs are assigned to zones.
If a zoned device is unplugged from a port, the port does not belong to
any zone and is therefore still secure.
If the zoned device is moved to another port, the device will still belong
to the correct zone. The zone “follows” the device WWN.
WWNs can be spoofed if someone knows the correct WWN. An attacker
could spoof frame addresses, and may be able to infiltrate soft zones by
trying various initiator and target addresses.
WWN zoning is therefore somewhat less secure than port zoning, but
has the advantage of being easier to manage.