• Today’s switches enforce WWN zone membership in hardware:
– Switch downloads list of authorized WWNs to the port ASIC
– Port ASIC blocks frames from unauthorized devices
– Unauthorized devices cannot access management services to obtain a list of authorized WWNs
[Figure: unauthorized host and switch]
By enforcing WWN zoning in hardware, at the port ASIC, unauthorized hosts whose WWNs are not in the zone database are not allowed to log in, and therefore cannot access management services to obtain information about the fabric. WWN spoofing is still possible, but an intruder will not easily be able to obtain a list of authorized WWNs simply by connecting an unauthorized host and querying the Fabric Management Server.
This provides most of the security advantages of port zoning while preserving the flexibility of WWN zoning.
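The enforcement described above, as an added example that is not part of the original material: a simplified Python model of one port's allow-list check. `PortAsic`, `norm`, `fabric_login` and `query_zone_members` are hypothetical names, and the WWNs are constructed sample values.

```python
# Added illustration: simplified model of per-port WWN enforcement.
# PortAsic and its methods are hypothetical names; WWNs are constructed samples.

def norm(wwn):
    """Normalize a 64-bit WWN; return None if it is malformed."""
    digits = wwn.replace(":", "").replace("-", "").lower()
    ok = len(digits) == 16 and all(c in "0123456789abcdef" for c in digits)
    return digits if ok else None

class PortAsic:
    """One switch port holding the allow-list the switch downloaded to it."""

    def __init__(self, authorized_wwns):
        self.authorized = {norm(w) for w in authorized_wwns} - {None}
        self.logged_in = set()

    def fabric_login(self, wwn):
        """Accept a login only when the presented WWN is on the allow-list."""
        key = norm(wwn)
        if key is None or key not in self.authorized:
            return False  # blocked at the port; no session is created
        # The check keys on the presented WWN alone, so a device presenting
        # a member's WWN passes: the residual spoofing risk the text notes.
        self.logged_in.add(key)
        return True

    def query_zone_members(self, wwn):
        """Management query, answered only for a WWN that has logged in."""
        key = norm(wwn)
        if key is None or key not in self.logged_in:
            return None
        return sorted(self.authorized)

ZONE = ["10:00:00:00:C9:AA:BB:01", "50:06:01:60:AA:BB:CC:02"]  # constructed

def demo():
    port = PortAsic(ZONE)
    rogue = "10:00:00:00:c9:de:ad:99"  # constructed; not in the zone database
    return {
        "rogue_login": port.fabric_login(rogue),
        "rogue_query": port.query_zone_members(rogue),
        "member_login": port.fabric_login(ZONE[0].lower()),
        "member_query": port.query_zone_members(ZONE[0]),
    }

if __name__ == "__main__":
    print(demo())
```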