Cisco Nexus 5000 Series Switch Fabric Manager Software Configuration Guide, NX-OS 4.0 (OL-16598-01, June 2008)

Chapter 24 Configuring Port Security
Port Security Activation
By default, the port security feature is not activated in Nexus 5000 Series switches.
When you activate the port security feature, the following operations occur:
- Auto-learning is also automatically enabled, which means:
  - From this point, auto-learning happens only for the devices or interfaces that were not logged into the switch.
  - You cannot activate the database until you disable auto-learning.
- All the devices that are already logged in are learned and are added to the active database.
- All entries in the configured database are copied to the active database.
After the database is activated, subsequent device login is subject to the activated port bound WWN
pairs, excluding the auto-learned entries. You must disable auto-learning before the auto-learned entries
become activated.
When you activate the port security feature, auto-learning is also automatically enabled. You can choose
to activate the port security feature and disable auto-learning.
Tip: If a port is shut down because of a denied login attempt, and you subsequently configure the database to
allow that login, the port does not come up automatically. You must explicitly enter a no shutdown CLI
command to bring that port back online.
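The following Python model is an added example, not part of the Cisco guide or of NX-OS; it traces the activation rules and the tip above for one VSAN. The class, method, interface and WWN names are hypothetical, and it assumes that every denied login shuts the port and that a WWN statically bound to another interface is refused even while auto-learning is on.

```python
class PortSecurityVsan:  # simplified model of one VSAN; hypothetical names, not Cisco code
    def __init__(self, configured=(), logged_in=()):
        self.configured = set(configured)  # (interface, WWN) pairs entered by the administrator
        self.logged_in = set(logged_in)    # devices currently logged in to the switch
        self.static = set()                # active-database entries copied from configured
        self.learned = set()               # active-database entries added by auto-learning
        self.shut = set()                  # ports shut down after a denied login
        self.activated = self.auto_learn = False

    def activate(self):
        if self.auto_learn:
            raise RuntimeError("disable auto-learning before activating the database")
        self.static = set(self.configured)        # configured entries -> active database
        self.learned = set(self.logged_in)        # devices already logged in are learned
        self.activated = self.auto_learn = True   # auto-learning is enabled by default

    def disable_auto_learning(self):
        self.auto_learn = False                   # learned entries are enforced from now on

    def no_shutdown(self, intf):
        self.shut.discard(intf)                   # a shut port never comes back up by itself

    def login(self, intf, wwn):
        if intf in self.shut:
            return False
        pair = (intf, wwn)
        if self.activated:
            enforced = self.static if self.auto_learn else self.static | self.learned
            # Assumption: a WWN statically bound to another port is refused even while learning.
            elsewhere = any(w == wwn and i != intf for i, w in self.static)
            if pair not in enforced and (elsewhere or not self.auto_learn):
                self.shut.add(intf)               # simplification: every denial shuts the port
                return False
            if pair not in self.static:
                self.learned.add(pair)
        self.logged_in.add(pair)
        return True

def demo():
    # Constructed sample data: interface names and WWN labels are made up.
    vsan = PortSecurityVsan(configured={("fc2/1", "wwn-host")}, logged_in={("fc2/2", "wwn-disk")})
    vsan.activate()
    vsan.disable_auto_learning()
    out = [vsan.login("fc2/2", "wwn-disk"), vsan.login("fc2/3", "wwn-late")]
    vsan.configured.add(("fc2/3", "wwn-late"))   # allow the denied device, then re-activate
    vsan.activate()
    vsan.disable_auto_learning()
    out.append(vsan.login("fc2/3", "wwn-late"))  # database allows it, but the port is still shut
    vsan.no_shutdown("fc2/3")
    return out + [vsan.login("fc2/3", "wwn-late")]
```

`demo()` walks through a learned device being accepted, an unknown device being denied, and the denied device staying locked out after the database is corrected until the port is explicitly brought back up.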
Configuring Port Security
The steps to configure port security depend on which features you are using. Auto-learning works
differently if you are using CFS distribution.
This section includes the following topics:
- Configuring Port Security with Auto-Learning and CFS Distribution
- Configuring Port Security with Auto-Learning without CFS
- Configuring Port Security with Manual Database Configuration
Configuring Port Security with Auto-Learning and CFS Distribution
To configure port security using auto-learning and CFS distribution, perform this task:
Step 1 Enable port security.
See the “Enabling Port Security” section on page 24-5.
Step 2 Enable CFS distribution.
See the “Enabling Distribution” section on page 24-16.
Step 3 Activate port security on each VSAN.
This action turns on auto-learning by default. See the “Activating Port Security” section on page 24-7.
Step 4 Issue a CFS commit to copy this configuration to all switches in the fabric.