About Auto-Learning; Port Security Activation - Cisco AP775A - Nexus Converged Network Switch 5010 Configuration Manual

CLI software configuration guide

Each N and xE port can be configured to restrict a single port or a range of ports.
Enforcement of port security policies is done on every activation and when the port tries to come up.
The port security feature uses two databases to accept and implement configuration changes.
• Configuration database—All configuration changes are stored in the configuration database.
• Active database—The database currently enforced by the fabric. The port security feature requires all devices connecting to a switch to be part of the port security active database. The software uses this active database to enforce authorization.

About Auto-Learning

You can instruct the switch to automatically learn (auto-learn) the port security configurations over a specified period. This feature allows any Cisco Nexus 5000 Series switch to automatically learn about devices and switches that connect to it. Use this feature when you activate the port security feature for the first time as it saves tedious manual configuration for each port. You must configure auto-learning on a per-VSAN basis. If enabled, devices and switches that are allowed to connect to the switch are automatically learned, even if you have not configured any port access.
When auto-learning is enabled, learning happens only for the devices or interfaces that were not already logged into the switch. Learned entries on a port are cleaned up after you shut down that port if auto-learning is still enabled.
Learning does not override the existing configured port security policies. For example, if an interface is configured to allow a specific pWWN, then auto-learning will not add a new entry to allow any other pWWN on that interface. All other pWWNs will be blocked even in auto-learning mode.
No entries are learned for a port in the shutdown state.
When you activate the port security feature, auto-learning is also automatically enabled.
Note: If you enable auto-learning before activating port security, you cannot activate port security until auto-learning is disabled.

Port Security Activation

By default, the port security feature is not activated in Cisco Nexus 5000 Series switches.
When you activate the port security feature, the following operations occur:
• Auto-learning is also automatically enabled, which means:
◦ From this point, auto-learning happens only for the devices or interfaces that were not logged into the switch.
◦ You cannot activate the database until you disable auto-learning.
• All the devices that are already logged in are learned and are added to the active database.
• All entries in the configured database are copied to the active database.

Cisco Nexus 5000 Series Switch CLI Software Configuration Guide
Configuring Port Security
OL-16597-01
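
The auto-learning and activation rules above, as an added example: a simplified per-VSAN model in Python, not Cisco's implementation or code from the guide. The class and method names are hypothetical, the interface names and pWWNs are constructed, and the model assumes bindings are checked per interface only.

```python
class PortSecurityVsan:
    """Toy per-VSAN model of the auto-learn/activation rules (not NX-OS code)."""

    def __init__(self):
        self.config_db = {}   # interface -> pWWNs configured by the administrator
        self.active_db = {}   # interface -> pWWNs the fabric currently enforces
        self.learned = {}     # interface -> active entries added by auto-learning
        self.logged_in = {}   # interface -> pWWNs currently logged in
        self.activated = self.auto_learn = False

    def _learn(self, intf, pwwn):
        # Learning never overrides a policy already configured on the interface.
        if self.config_db.get(intf):
            return False
        self.active_db.setdefault(intf, set()).add(pwwn)
        self.learned.setdefault(intf, set()).add(pwwn)
        return True

    def activate(self):
        if self.auto_learn:
            raise RuntimeError("disable auto-learning before activating")
        # Configured entries are copied to the active database ...
        self.active_db = {i: set(p) for i, p in self.config_db.items()}
        self.learned = {}
        self.activated = self.auto_learn = True   # ... auto-learning turns on ...
        for intf, pwwns in self.logged_in.items():
            for pwwn in pwwns:    # ... and already-logged-in devices are learned
                self._learn(intf, pwwn)

    def login(self, intf, pwwn):  # returns True if the login is authorized
        allowed = (not self.activated
                   or pwwn in self.active_db.get(intf, set())
                   or (self.auto_learn and self._learn(intf, pwwn)))
        if allowed:
            self.logged_in.setdefault(intf, set()).add(pwwn)
        return allowed

    def shutdown(self, intf):
        self.logged_in.pop(intf, None)
        if self.auto_learn:   # learned entries are cleaned up while still learning
            for pwwn in self.learned.pop(intf, set()):
                self.active_db[intf].discard(pwwn)

def demo():
    sw = PortSecurityVsan()
    sw.config_db["fc2/1"] = {"21:00:00:00:00:00:00:0a"}  # constructed pWWN
    sw.login("fc2/2", "21:00:00:00:00:00:00:0b")         # logged in before activation
    sw.activate()
    return sw
```

The switch returned by `demo()` is in the state the guide describes right after first activation: both databases populated and auto-learning still on, so any entry learned from that point is enforced until auto-learning is disabled and the active database is reviewed.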
