Chapter 37
Configuring Port Security
S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m
Database Reactivation
If auto-learning is enabled, you cannot activate the database, without the force option until you disable
Tip
auto-learning.
To reactivate the port security database, follow these steps:
Command
Step 1
switch# config t
switch(config)#
Step 2
switch(config)# no port-security
auto-learn vsan 1
Step 3
switch(config)# exit
switch# port-security database copy vsan 1
Step 4
switch# config t
switch(config)# port-security activate
vsan 1
Auto-learning
This section contains the following topics:
•
•
•
•
•
About Enabling Auto-learning
The state of the auto-learning configuration depends on the state of the port security feature:
•
•
If auto-learning is enabled on a VSAN, you can only activate the database for that VSAN by using the
Tip
force option.
OL-16184-01, Cisco MDS SAN-OS Release 3.x
About Enabling Auto-learning, page 37-7
Enabling Auto-learning, page 37-8
Disabling Auto-learning, page 37-8
Auto-Learning Device Authorization, page 37-8
Authorization Scenarios, page 37-9
If the port security feature is not activated, auto-learning is disabled by default.
If the port security feature is activated, auto-learning is enabled by default (unless you explicitly
disabled this option).
Purpose
Enters configuration mode.
Disables auto-learning and stops the switch from
learning about new devices accessing the switch.
Enforces the database contents based on the devices
learned up to this point.
Copies from the active to the configured database.
Activates the port security database for the specified
VSAN, and automatically enables auto-learning.
Cisco MDS 9000 Family CLI Configuration Guide
Auto-learning
37-7