Chapter 46 Configuring Port Security; Port Security Enforcement; About Auto-Learning - Cisco AP775A - Nexus Converged Network Switch 5010 Configuration Manual

Fabric Manager Configuration Guide, Release 4.x

Send documentation comments to mdsfeedback-doc@cisco.com

About Port Security
All intrusion attempts are reported to the SAN administrator through system messages.
Configuration distribution uses the CFS infrastructure, and is limited to those switches that are CFS capable. Distribution is disabled by default.
Configuring the port security policy requires the ENTERPRISE_PKG license (see Chapter 10, "Obtaining and Installing Licenses").
This section includes the following topics:
• Port Security Enforcement, page 46-2
• About Auto-Learning, page 46-2
• Port Security Activation, page 46-3

Port Security Enforcement

To enforce port security, configure the devices and switch port interfaces through which each device or switch is connected, and activate the configuration.
• Use the port world wide name (pWWN) or the node world wide name (nWWN) to specify the Nx port connection for each device.
• Use the switch world wide name (sWWN) to specify the xE port connection for each switch.
Each Nx and xE port can be configured to restrict a single port or a range of ports.
Enforcement of port security policies is done on every activation and when the port tries to come up.
The port security feature uses two databases to accept and implement configuration changes.
• Configuration database—All configuration changes are stored in the configuration database.
• Active database—The database currently enforced by the fabric. The port security feature requires all devices connecting to a switch to be part of the port security active database. The software uses this active database to enforce authorization.

About Auto-Learning

You can instruct the switch to automatically learn (auto-learn) the port security configurations over a specified period. This feature allows any switch in the Cisco MDS 9000 Family to automatically learn about devices and switches that connect to it. Use this feature when you activate the port security feature for the first time, as it saves tedious manual configuration for each port. You must configure auto-learning on a per-VSAN basis. If enabled, devices and switches that are allowed to connect to the switch are automatically learned, even if you have not configured any port access.
When auto-learning is enabled, learning happens only for the devices or interfaces that were not already logged into the switch. Learned entries on a port are cleaned up after you shut down that port if auto-learning is still enabled.
Learning does not override the existing configured port security policies. So, for example, if an interface is configured to allow a specific pWWN, then auto-learning will not add a new entry to allow any other pWWN on that interface. All other pWWNs will be blocked even in auto-learning mode.
No entries are learned for a port in the shutdown state.
When you activate the port security feature, auto-learning is also automatically enabled.

Cisco MDS 9000 Family Fabric Manager Configuration Guide
OL-17256-03, Cisco MDS NX-OS Release 4.x
46-2
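The enforcement and auto-learning rules in this chapter (configured entries versus the active database, learning only on ports that have no configured entry, nothing learned on a shutdown port, learned entries cleared when a port is shut down while auto-learning is on, and intrusion attempts reported as system messages) can be checked against a small model. The following Python simulation is an added example, not Cisco code and not the NX-OS implementation; the class and method names, the in-memory tables, and the sample interface names and pWWNs are constructed for illustration.

```python
"""Added example: a small in-memory model of the port security enforcement and
auto-learning rules described in this chapter. It is not Cisco code and not the
NX-OS implementation; class names, method names, the dictionary layout and the
sample interface names and pWWNs are constructed for illustration."""

from dataclasses import dataclass, field


@dataclass
class PortSecurityVsan:
    """Port security state for one VSAN (auto-learning is configured per VSAN)."""
    config_db: dict = field(default_factory=dict)  # interface -> set of configured WWNs
    active_db: dict = field(default_factory=dict)  # interface -> set of WWNs enforced by the fabric
    learned: dict = field(default_factory=dict)    # interface -> set of WWNs added by auto-learning
    port_up: dict = field(default_factory=dict)    # interface -> True when the port is up
    active: bool = False                           # True once the configuration has been activated
    auto_learn: bool = False
    syslog: list = field(default_factory=list)     # system messages reporting intrusion attempts

    def bind(self, interface: str, wwn: str) -> None:
        """Configure a pWWN/nWWN (Nx port) or sWWN (xE port) for an interface.
        Changes go only to the configuration database until activation."""
        self.config_db.setdefault(interface, set()).add(wwn)

    def activate(self) -> None:
        """Activation makes the configuration database the active database and,
        as the chapter states, also enables auto-learning."""
        self.active_db = {intf: set(wwns) for intf, wwns in self.config_db.items()}
        self.learned = {}
        self.active = True
        self.auto_learn = True

    def set_port(self, interface: str, up: bool) -> None:
        """Bring a port up or shut it down. Shutting a port while auto-learning
        is enabled removes the entries that were learned on it."""
        self.port_up[interface] = up
        if not up and self.auto_learn:
            for wwn in self.learned.pop(interface, set()):
                self.active_db.get(interface, set()).discard(wwn)

    def login(self, interface: str, wwn: str) -> bool:
        """Decide whether a device/switch login is allowed; returns True if allowed."""
        if not self.active:
            return True                     # nothing is enforced before activation
        if not self.port_up.get(interface, False):
            return False                    # port is down: no login and nothing learned
        if wwn in self.active_db.get(interface, set()):
            return True                     # matches the active database
        # Learning never overrides configured policy: if this interface already
        # has a configured entry, any other WWN stays blocked even in auto-learn mode.
        if self.auto_learn and not self.config_db.get(interface):
            self.active_db.setdefault(interface, set()).add(wwn)
            self.learned.setdefault(interface, set()).add(wwn)
            return True
        self.syslog.append(f"port security violation: {wwn} denied on {interface}")
        return False


def demo() -> dict:
    """Walk through the rules with constructed sample data and return the outcomes."""
    ps = PortSecurityVsan()
    ps.bind("fc1/1", "21:00:00:e0:8b:0a:aa:01")    # constructed sample pWWN
    ps.activate()                                    # enforces config DB, enables auto-learn
    ps.set_port("fc1/1", True)
    ps.set_port("fc1/2", True)                       # no configured entry on this port
    ps.set_port("fc1/3", False)                      # shutdown port
    out = {
        "configured_wwn_allowed": ps.login("fc1/1", "21:00:00:e0:8b:0a:aa:01"),
        "other_wwn_on_configured_port_blocked": ps.login("fc1/1", "21:00:00:e0:8b:0a:aa:02"),
        "unconfigured_port_learns_wwn": ps.login("fc1/2", "21:00:00:e0:8b:0a:bb:01"),
        "shutdown_port_learns_nothing": ps.login("fc1/3", "21:00:00:e0:8b:0a:cc:01"),
    }
    out["learned_entries_after_logins"] = sorted(ps.learned)
    ps.set_port("fc1/2", False)                      # shut down while auto-learning is on
    out["learned_cleared_by_shutdown"] = "fc1/2" not in ps.learned and not ps.active_db["fc1/2"]
    out["violations_reported"] = len(ps.syslog)
    return out


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The model makes the operational point of the chapter visible: once a port has a configured entry, auto-learning cannot widen what that port accepts, and the rejected login is what surfaces as a system message for the SAN administrator to review. Ports without configured entries are the ones that auto-learning fills in, so those learned entries are what you should audit before disabling auto-learning and relying on the active database alone.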