Embodiments described herein relate generally to network switches, and, in particular, to implementing access control at switching devices in a network.
Some known networks (e.g., Fibre Channel over Ethernet (FCoE) networks) use Virtual Node (VN) Port to VN Port (VN2VN) technology to implement specific deployments for some dedicated purposes (e.g., functioning as a Storage Area Network (SAN)). Such known networks typically implement a common access control policy where a set of devices may access another set of devices, while a device within each set of devices may or may not be allowed to access the remaining devices within the same set of devices depending on the details of the implementation. The VN2VN protocol, however, does not provide any mechanism to implement zoning or access control configuration to control access between network devices.
On the other hand, some known zoning and access control methods exist for various types of networks (e.g., FCoE networks). Those zoning and access control methods typically use a central-controlling device such as a Fibre Channel Forwarder (FCF) in a Fibre Channel (FC) fabric. Using such a central-controlling device, however, is typically complex, error prone, difficult to scale, and incompatible with the VN2VN protocol.
Accordingly, a need exists for methods and apparatus that can implement the access control policy in a VN2VN-enabled network.