Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX-OS 4.0(1a)N1 (OL-16597-01, January 2009)

Chapter 45 Configuring Port Security
Port Security Activation
Activating Port Security

To activate port security, perform this task:

Step 1
  Command: switch# configure terminal
           switch(config)#
  Purpose: Enters configuration mode.

Step 2
  Command: switch(config)# port-security activate vsan vsan-id
  Purpose: Activates the port security database for the specified VSAN, and automatically enables auto-learning.

  Command: switch(config)# port-security activate vsan vsan-id no-auto-learn
  Purpose: Activates the port security database for the specified VSAN, and disables auto-learning.

  Command: switch(config)# no port-security activate vsan vsan-id
  Purpose: Deactivates the port security database for the specified VSAN, and automatically disables auto-learning.

Database Activation Rejection

Database activation is rejected in the following cases:

- Missing or conflicting entries exist in the configuration database but not in the active database.
- The auto-learning feature was enabled before the activation. To reactivate a database in this state, disable auto-learning.
- The exact security is not configured for each port channel member.
- The configured database is empty but the active database is not.

If the database activation is rejected due to one or more conflicts listed in the previous section, you may decide to proceed by forcing the port security activation.

Forcing Port Security Activation

If the port security activation request is rejected, you can force the activation.

Note: If you force the activation, existing devices are logged out if they violate the active database.

You can view missing or conflicting entries using the port-security database diff active vsan command in EXEC mode.

To forcefully activate the port security database, perform this task:

Step 1
  Command: switch# configure terminal
           switch(config)#
  Purpose: Enters configuration mode.

Step 2
  Command: switch(config)# port-security activate vsan vsan-id force
  Purpose: Forces the port security database to activate for the specified VSAN even if conflicts occur.
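
The review-then-force sequence described above, written out as one session. This is an added example, not taken from the Cisco guide; VSAN 10 is a constructed value, the lines starting with ! are annotations, and no switch output is shown.

```console
! 1. In EXEC mode, review the missing or conflicting entries first,
!    because a forced activation logs out devices that violate the
!    active database.
switch# port-security database diff active vsan 10

! 2. Attempt a normal activation without auto-learning.
switch# configure terminal
switch(config)# port-security activate vsan 10 no-auto-learn

! 3. Only if step 2 is rejected and the differences from step 1 are
!    understood and accepted, force the activation.
switch(config)# port-security activate vsan 10 force
```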