S e n d f e e d b a c k t o n x 5 0 0 0 - d o c f e e d b a c k @ c i s c o . c o m
45-3
Cisco Nexus 5000 Series Switch CLI Software Configuration Guide
OL-16597-01
Chapter 45 Configuring Port Security
Configuring Port Security
Port Security Activation
By default, the port security feature is not activated in Cisco Nexus 5000 Series switches.
When you activate the port security feature, the following operations occur:
•
Auto-learning is also automatically enabled, which means:
–
From this point, auto-learning happens only for the devices or interfaces that were not logged
into the switch.
–
You cannot activate the database until you disable auto-learning.
•
All the devices that are already logged in are learned and are added to the active database.
•
All entries in the configured database are copied to the active database.
After the database is activated, subsequent device login is subject to the activated port bound WWN
pairs, excluding the auto-learned entries. You must disable auto-learning before the auto-learned entries
become activated.
When you activate the port security feature, auto-learning is also automatically enabled. You can choose
to activate the port security feature and disable auto-learning.
Tip
If a port is shut down because of a denied login attempt, and you subsequently configure the database to
allow that login, the port does not come up automatically. You must explicitly enter a
no shutdown
CLI
command to bring that port back online.
Configuring Port Security
The steps to configure port security depend on which features you are using. Auto-learning works
differently if you are using CFS distribution.
This section includes the following topics:
•
Configuring Port Security with Auto-Learning and CFS Distribution, page 45-3
•
Configuring Port Security with Auto-Learning without CFS, page 45-4
•
Configuring Port Security with Manual Database Configuration, page 45-5
Configuring Port Security with Auto-Learning and CFS Distribution
To configure port security, using auto-learning and CFS distribution, perform this task:
Step 1
Enable port security.
See the
“Enabling Port Security” section on page 45-5
.
Step 2
Enable CFS distribution.
See the
“Enabling Distribution” section on page 45-12
.
Step 3
Activate port security on each VSAN.
This action turns on auto-learning by default. See the
“Activating Port Security” section on page 45-6
.
Step 4
Issue a CFS commit to copy this configuration to all switches in the fabric.
Summary of Contents for N5010P-N2K-BE
Page 50: ...Se n d f e e d b a ck t o n x 5 0 0 0 d o c f e e d b a ck c i s c o c o m ...
Page 102: ...Se n d f e e d b a ck t o n x 5 0 0 0 d o c f e e d b a ck c i s c o c o m ...
Page 240: ...Se n d f e e d b a ck t o n x 5 0 0 0 d o c f e e d b a ck c i s c o c o m ...
Page 312: ...Se n d f e e d b a ck t o n x 5 0 0 0 d o c f e e d b a ck c i s c o c o m ...
Page 400: ...Se n d f e e d b a ck t o n x 5 0 0 0 d o c f e e d b a ck c i s c o c o m ...
Page 418: ...Se n d f e e d b a ck t o n x 5 0 0 0 d o c f e e d b a ck c i s c o c o m ...
Page 436: ...Se n d f e e d b a ck t o n x 5 0 0 0 d o c f e e d b a ck c i s c o c o m ...
Page 658: ...Se n d f e e d b a ck t o n x 5 0 0 0 d o c f e e d b a ck c i s c o c o m ...