Chapter 46
Configuring Port Security
Send documentation comments to mdsfeedback-doc@cisco.com
Activating Port Security
You see the port security configuration for that VSAN in the Information pane.
Step 2
Click the Actions tab.
Step 3
Click in the Action column under Activation, next to the switch or VSAN on which you want to activate port security. You see a drop-down menu with the following options:
• activate—Valid port security settings are activated.
• activate (TurnLearningOff)—Valid port security settings are activated and auto-learn turned off.
• forceActivate—Activation is forced.
• forceActivate(TurnLearningOff)—Activation is forced and auto-learn is turned off.
• deactivate—All currently active port security settings are deactivated.
• NoSelection—No action is taken.
Step 4
Set the Action field you want for that switch.
Step 5
Uncheck the AutoLearn check box for each switch in the VSAN to disable auto-learning.
Step 6
Click the CFS tab and set the command column to commit on all participating switches in the VSAN.
Step 7
Click Apply Changes in Fabric Manager or Apply in Device Manager to save these changes.
Note
If required, you can disable auto-learning (see the "Disabling Auto-learning" section on page 46-15).

Database Activation Rejection
Database activation is rejected in the following cases:
• Missing or conflicting entries exist in the configuration database but not in the active database.
• The auto-learning feature was enabled before the activation. To reactivate a database in this state, disable auto-learning.
• The exact security is not configured for each PortChannel member.
• The configured database is empty but the active database is not.
If the database activation is rejected due to one or more conflicts listed in the previous section, you may decide to proceed by forcing the port security activation.

Forcing Port Security Activation
If the port security activation request is rejected, you can force the activation.
Note
An activation using the force option can log out existing devices if they violate the active database.
To forcefully activate the port security database using Fabric Manager, follow these steps:
Step 1
Expand a VSAN and select Port Security in the Logical Domains pane.
You see the port security configuration for that VSAN in the Information pane.

Cisco MDS 9000 Family CLI Configuration Guide
OL-16184-01, Cisco MDS SAN-OS Release 3.x