Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX-OS 4.0(1a)N1 (OL-16597-01, January 2009)

Chapter 45 Configuring Port Security
Port Security Manual Configuration
If an N port’s nWWN is bound to an F port WWN, then all pWWNs in the N port are implicitly paired with the F port.
TE port checking is done on each VSAN in the allowed VSAN list of the VSAN trunk port.
All port channel xE ports must be configured with the same set of WWNs in the same SAN port channel.
E port security is implemented in the port VSAN of the E port. In this case, the sWWN is used to secure authorization checks.
Once activated, the configuration database can be modified without any effect on the active database.
By saving the running configuration, you save the configuration database and activated entries in the active database. Learned entries in the active database are not saved.
Adding Authorized Port Pairs
After identifying the WWN pairs that need to be bound, add those pairs to the port security database.
Tip: Remote switch binding can be specified at the local switch. To specify the remote interfaces, you can use either the fWWN or sWWN-interface combination.
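Before bindings are entered, the planned entries can be checked offline. The following Python audit is an added example, not part of the Cisco guide: it parses entries in the swwn, pwwn ... swwn, and any-wwn forms this section uses and flags unrecognised syntax, malformed WWNs, and any-wwn entries, which permit any WWN on the named interfaces. The function names, finding codes, and the sample lines marked constructed are assumptions of the example.

```python
import re

PROMPT = re.compile(r"^\S+\(config-port-security\)#\s*")
WWN = re.compile(r"^(?:[0-9a-f]{2}:){7}[0-9a-f]{2}$", re.I)  # eight hex bytes
INTF = r"(?:fc \d+/\d+|san-port-channel \d+)"
ENTRY = re.compile(
    r"^(?:(?P<kind>pwwn|swwn) (?P<wwn>\S+)|(?P<any>any-wwn))"
    r"(?: swwn (?P<remote>\S+))?"
    rf" interface (?P<intf>{INTF}(?: - {INTF})?)$")

def parse(line):
    """Return a dict for one database entry, or None if it is not recognised."""
    text = " ".join(PROMPT.sub("", line.strip()).split())  # drop prompt, squeeze spaces
    m = ENTRY.match(text)
    return m.groupdict() if m else None

def audit(lines):
    """Return (line_number, code, detail) findings for a list of entry lines."""
    findings = []
    for n, line in enumerate(lines, 1):
        if not line.strip():
            continue
        e = parse(line)
        if e is None:
            findings.append((n, "syntax", line.strip()))
            continue
        for field in ("wwn", "remote"):  # device WWN and remote switch WWN
            if e[field] and not WWN.match(e[field]):
                findings.append((n, "bad-wwn", e[field]))
        if e["any"]:  # any WWN may log in through these interfaces
            findings.append((n, "wildcard", e["intf"]))
    return findings

P = "switch(config-port-security)# "
SAMPLE = [
    P + "swwn 20:01:33:11:00:2a:4a:66 interface san-port-channel 5",
    P + "pwwn 20:11:33:11:00:2a:4a:66 swwn 20:00:00:0c:85:90:3e:80 interface fc 3/2",
    "any-wwn interface fc 3/1 - fc 3/4",           # constructed: wildcard range
    "pwwn 20:11:33:11:00:2a:4a interface fc 3/2",  # constructed: only 7 bytes
    "pwwn 20:11:33:11:00:2a:4a:66 fc 3/2",         # constructed: no 'interface'
]

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```

Entries reported as wildcard are valid syntax; they are listed so that each one can be confirmed as intended before the database is activated.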
To add authorized port pairs for port security, perform this task:

Step 1
    Command: switch# configure terminal
             switch(config)#
    Purpose: Enters configuration mode.
Step 2
    Command: switch(config)# port-security database vsan vsan-id
             switch(config-port-security)#
    Purpose: Enters the port security database mode for the specified VSAN.

    Command: switch(config)# no port-security database vsan vsan-id
             switch(config)#
    Purpose: Deletes the port security configuration database from the specified VSAN.
Step 3
    Command: switch(config-port-security)# swwn swwn-id interface san-port-channel 5
    Purpose: Configures the specified sWWN to only log in through SAN port channel 5.
Step 4
    Command: switch(config-port-security)# any-wwn interface fc slot/port - fc slot/port
    Purpose: Configures any WWN to log in through the specified interfaces.

This example enters the port security database mode for VSAN 2:
switch(config)# port-security database vsan 2
This example configures the specified sWWN to only log in through SAN port channel 5:
switch(config-port-security)# swwn 20:01:33:11:00:2a:4a:66 interface san-port-channel 5
This example configures the specified pWWN to log in through the specified interface in the specified switch:
switch(config-port-security)# pwwn 20:11:33:11:00:2a:4a:66 swwn 20:00:00:0c:85:90:3e:80 interface fc 3/2
This example configures any WWN to log in through the specified interface in any switch: