Configuring Port Security; About Port Security; Secure Mac Address Learning - Cisco Nexus 9000 Series Configuration Manual

Configuring Port Security

This chapter describes how to configure port security on Cisco NX-OS devices.
This chapter includes the following sections:
•
•
•
•
•
•
•
•
•
•
•
•

About Port Security

Port security allows you to configure Layer 2 physical interfaces and Layer 2 port-channel interfaces to allow
inbound traffic from only a restricted set of MAC addresses. The MAC addresses in the restricted set are
called secure MAC addresses. In addition, the device does not allow traffic from these MAC addresses on
another interface within the same VLAN. The number of MAC addresses that the device can secure is
configurable per interface.
Note
Unless otherwise specified, the term interface refers to both physical interfaces and port-channel interfaces;
likewise, the term Layer 2 interface refers to both Layer 2 physical interfaces and Layer 2 port-channel
interfaces.

Secure MAC Address Learning

The process of securing a MAC address is called learning. A MAC address can be a secure MAC address on
one interface only. For each interface on which you enable port security, the device can learn a limited number
About Port Security, on page 303
Licensing Requirements for Port Security, on page 309
Prerequisites for Port Security, on page 309
Default Settings for Port Security, on page 309
Guidelines and Limitations for Port Security, on page 310
Guidelines and Limitations for Port Security on vPCs, on page 310
Configuring Port Security, on page 311
Verifying the Port Security Configuration, on page 323
Displaying Secure MAC Addresses, on page 323
Configuration Example for Port Security, on page 323
Configuration Examples for Port Security in a vPC Domain, on page 324
Additional References for Port Security, on page 325
Cisco Nexus 9000 Series NX-OS Security Configuration Guide, Release 9.x
13
C H A P T E R
303