LUN Masking“If you only implement SAN zoning, a host could gain access to every LUN that is available on any storage array in the zone.”
Beyond zoning, LUN masking allows the administrator to further lock down access to the storage unit. LUN Masking is done on the storage controller and it hides specific LUNs from specific servers.
LUN masking defines relationships between LUNs and individual servers and is used to further limit what LUNs are presented to a host.
"LUN masking is the ability of a host or an array to intentionally ignore WWNs that it can actively see (in other words, that are zoned to it)."