Cisco Nexus 5000 Series Switch Fabric Manager Software Configuration Guide, NX-OS 4.0 (OL-16598-01, June 2008)

CHAPTER 24
Send comments to nx5000-docfeedback@cisco.com
Configuring Port Security
Nexus 5000 Series switches provide port security features that reject intrusion attempts and report these
intrusions to the administrator.
Note: Port security is supported on virtual Fibre Channel ports and physical Fibre Channel ports.
This chapter includes the following sections:
• Information About Port Security
• Configuring Port Security
• Enabling Port Security
• Port Security Activation
• Auto-Learning
• Port Security Manual Configuration
• Port Security Configuration Distribution
• Database Merge Guidelines
• Database Interaction
• Default Settings
Information About Port Security
Typically, any Fibre Channel device in a SAN can attach to any SAN switch port and access SAN
services based on zone membership. Port security features prevent unauthorized access to a switch port
in the Nexus 5000 Series switch, using the following methods:
• Login requests from unauthorized Fibre Channel devices (N ports) and switches (xE ports) are rejected.
• All intrusion attempts are reported to the SAN administrator through system messages.
Configuration distribution uses the CFS infrastructure, and is limited to those switches that are CFS
capable. Distribution is disabled by default.
Configuring the port security policy requires the Storage Protocol Services license.