Cisco Nexus 9000 Series Configuration Manual page 334

NX-OS Security Configuration Guide, Release 9.x

Port Security and Port-Channel Interfaces
Configuring Secure Member Ports
The port security configuration of a port-channel interface has no effect on the port security configuration
of member ports.
Adding a Member Port
If you add a secure interface as a member port of a port-channel interface, the device discards all dynamic
secure addresses learned on the member port but retains all other port-security configuration of the
member port in the running configuration. Static secure MAC addresses learned on the secure member
port are also stored in the running configuration rather than NVRAM.
If port security is enabled on the member port and not enabled on the port-channel interface, the device
warns you when you attempt to add the member port to the port-channel interface. You can use the force
keyword with the channel-group command to forcibly add a secure member port to a nonsecure
port-channel interface.
While a port is a member of a port-channel interface, you cannot configure port security on the member
port. To do so, you must first remove the member port from the port-channel interface.
Removing a Member Port
If you remove a member port from a port-channel interface, the device restores the port security
configuration of the member port. Static secure MAC addresses that were learned on the port before you
added it to the port-channel interface are restored to NVRAM and removed from the running configuration.
Note
To ensure that all ports are secure as needed after you remove a port-channel interface, we recommend
that you closely inspect the port-security configuration of all member ports.
Removing a Port-Channel Interface
If you remove a secure port-channel interface, the following occurs:
• The device discards all secure MAC addresses learned for the port-channel interface, including
static secure MAC addresses learned on the port-channel interface.
• The device restores the port-security configuration of each member port. The static secure MAC
addresses that were learned on member ports before you added them to the port-channel interface
are restored to NVRAM and removed from the running configuration. If a member port did not
have port security enabled prior to joining the port-channel interface, port security is not enabled
on the member port after the port-channel interface is removed.
Note
To ensure that all ports are secure as needed after you remove a port-channel interface, we recommend
that you closely inspect the port-security configuration of all member ports.
Disabling Port Security
If port security is enabled on any member port, the device does not allow you to disable port security on
the port-channel interface. To do so, remove all secure member ports from the port-channel interface
first. After disabling port security on a member port, you can add it to the port-channel interface again,
as needed.
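
The inspection recommended in the notes above can be scripted by comparing running-config snapshots taken before and after a port-channel interface is removed. The following Python sketch is an added example, not part of the Cisco guide; the configuration excerpts are constructed sample data and the function names are hypothetical.

```python
import re

# Constructed NX-OS running-config excerpts (sample data, not from the guide).
BEFORE = """\
interface port-channel10
  switchport port-security
interface Ethernet1/1
  switchport port-security
  channel-group 10
interface Ethernet1/2
  channel-group 10
"""
AFTER = """\
interface Ethernet1/1
  switchport port-security
interface Ethernet1/2
"""

def parse_interfaces(config):
    """Map interface name -> {'secure': bool, 'channel': str or None}."""
    result, current = {}, None
    for line in config.splitlines():
        m = re.match(r"interface\s+(\S+)", line)
        if m:
            current = result.setdefault(m.group(1).lower(),
                                        {"secure": False, "channel": None})
        elif current is not None and line.startswith((" ", "\t")):
            stmt = line.strip()
            if stmt == "switchport port-security":
                current["secure"] = True
            elif stmt.startswith("channel-group "):
                current["channel"] = stmt.split()[1]
        else:
            current = None  # left the interface block
    return result

def exposed_after_removal(before, after):
    """Ports that sat behind a secure port channel and now have no port security."""
    old, new = parse_interfaces(before), parse_interfaces(after)
    exposed = []
    for name, cfg in old.items():
        # Non-members yield the key 'port-channelNone', which never exists.
        po = old.get(f"port-channel{cfg['channel']}", {})
        now = new.get(name, {"secure": False, "channel": None})
        if po.get("secure") and now["channel"] is None and not now["secure"]:
            exposed.append(name)
    return sorted(exposed)

if __name__ == "__main__":
    print(exposed_after_removal(BEFORE, AFTER))
```

Ethernet1/2 is reported because it had no port security of its own before joining the secure port channel, so none is restored when the port channel is removed.
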
Configuring Port Security
