Cisco Nexus 5000 Series Switch Fabric Manager Software Configuration Guide, NX-OS 4.0 (OL-16598-01, June 2008)

Chapter 24 Configuring Port Security
Port Security Manual Configuration
WWN Identification Guidelines
If you decide to manually configure port security, note the following guidelines:
- Identify switch ports by the interface or by the fWWN.
- Identify devices by the pWWN or by the nWWN.
- If an N port is allowed to log in to SAN switch port F, then that N port can only log in through the specified F port.
- If an N port’s nWWN is bound to an F port WWN, then all pWWNs in the N port are implicitly paired with the F port.
- TE port checking is done on each VSAN in the allowed VSAN list of the VSAN trunk port.
- All port channel xE ports must be configured with the same set of WWNs in the same SAN port channel.
- E port security is implemented in the port VSAN of the E port. In this case, the sWWN is used to secure authorization checks.
- Once activated, the configuration database can be modified without any effect on the active database.
- By saving the running configuration, you save the configuration database and activated entries in the active database. Learned entries in the active database are not saved.
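The following added example (not Cisco code and not part of the original guide) models a planned configuration database offline and audits it against the guidelines above: WWN syntax, the N port and nWWN binding rules, and the requirement that members of one SAN port channel carry the same WWN set. The row layout, function names, interface names and all WWNs are constructed for illustration.

```python
import re
from collections import defaultdict

WWN_RE = re.compile(r"^(?:[0-9a-f]{2}:){7}[0-9a-f]{2}$", re.IGNORECASE)

# Constructed sample rows: (vsan, wwn_kind, wwn, local_interface). Not real devices.
CONFIG_DB = [
    (1, "pwwn", "21:00:00:aa:bb:cc:00:01", "fc2/1"),
    (1, "nwwn", "20:00:00:aa:bb:cc:00:02", "fc2/2"),
    (1, "swwn", "20:00:00:aa:bb:cc:00:10", "fc2/3"),
    (1, "swwn", "20:00:00:aa:bb:cc:00:10", "fc2/4"),
    (1, "swwn", "20:00:00:aa:bb:cc:00:11", "fc2/4"),
]
# Constructed SAN port channel membership (hypothetical name and members).
CHANNELS = {"san-port-channel 1": ["fc2/3", "fc2/4"]}


def malformed_wwns(db):
    """Rows whose WWN is not eight colon-separated hex bytes."""
    return [row for row in db if not WWN_RE.match(row[2])]


def login_decision(db, vsan, pwwn, nwwn, interface):
    """Apply the two N port binding guidelines to one login attempt."""
    # A pWWN entry binds that port WWN; an nWWN entry implicitly pairs every
    # pWWN of that node with the same switch port.
    bound = {i for v, kind, wwn, i in db
             if v == vsan and ((kind == "pwwn" and wwn == pwwn) or
                               (kind == "nwwn" and wwn == nwwn))}
    if not bound:
        return "no-binding"  # outcome for unlisted devices is not covered here
    return "permit" if interface in bound else "deny"


def channel_mismatches(db, channels):
    """Port channels whose member ports do not carry the same WWN set."""
    per_port = defaultdict(set)
    for vsan, _kind, wwn, interface in db:
        per_port[interface].add((vsan, wwn))
    bad = {}
    for name, members in channels.items():
        sets = {m: per_port[m] for m in members}
        if len({frozenset(s) for s in sets.values()}) > 1:
            common = set.intersection(*sets.values())
            # Report, per member, the entries the other members lack.
            bad[name] = {m: sorted(s - common) for m, s in sets.items()}
    return bad
```

Running `channel_mismatches(CONFIG_DB, CHANNELS)` on the sample flags fc2/4, which carries an sWWN entry that fc2/3 lacks.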
Adding Authorized Port Pairs
After identifying the WWN pairs that need to be bound, add those pairs to the port security database.
Tip: Remote switch binding can be specified at the local switch. To specify the remote interfaces, you can use either the fWWN or sWWN-interface combination.
To add authorized port pairs for port security using Fabric Manager, perform this task:
Step 1 Expand a VSAN and then choose Port Security in the Logical Domains pane.
Step 2 Click the Config Database tab.
Step 3 Click Create Row to add an authorized port pair.
You see the Create Port Security dialog box as shown in Figure 24-5.