Table of Contents
Advertisement
Port Security Features
S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m .
Port Security Features
Typically, any Fibre Channel device in a SAN can attach to any SAN switch port and access SAN
services based on zone membership. Port security features prevent unauthorized access to a switch port
in the Cisco MDS 9000 Family:
•
•
•
•
Port Security Enforcement
To enforce port security, configure the devices and switch port interfaces through which each device or
switch is connected, and activate the configuration.
•
•
Each Nx and xE port can be configured to restrict a single port or a range of ports.
Enforcement of port security policies are done on every activation and when the port tries to come up.
The port security feature uses two databases to accept and implement configurations.
•
•
Port Security Initiation
By default, the port security feature is disabled in all switches in the Cisco MDS 9000 Family.
To enable port security, follow these steps:
Command
Step 1
switch# config t
Step 2
switch(config)# port-security enable
switch(config)# no port-security enable
Cisco MDS 9000 Family Configuration Guide
32-2
Login requests from unauthorized Fibre Channel devices (Nx ports) and switches (xE ports) are
rejected.
All intrusion attempts are reported to the SAN administrator through system messages.
Configuration distribution uses the CFS infrastructure, and is limited to those switches that are CFS
capable. Distribution is disabled by default.
Configuring the port security policy requires the ENTERPRISE_PKG license (see
"Obtaining and Installing
Use the port world wide name (pWWN) or the node world wide name (nWWN) to specify the Nx
port connection for each device.
Use the switch world wide name (sWWN) to specify the xE port connection for each switch.
Configuration database—All configuration changes are stored in the configuration database.
Active database—The database currently enforced by the fabric. The port security feature requires
all devices connecting to a switch to be part of the port security active database. The software uses
this active database to enforce authorization.
Licenses").
Purpose
Enters configuration mode.
Enables port security on that switch.
Disables (default) port security on that switch.
Chapter 32
Configuring Port Security
Chapter 3,
OL-6973-03, Cisco MDS SAN-OS Release 2.x
Advertisement
Table of Contents
Need help?
Do you have a question about the DS-X9530-SF1-K9 - Supervisor-1 Module - Control Processor and is the answer not in the manual?
Questions and answers