| Port Security | Fabric Binding |
| --- | --- |
| Allows a preconfigured set of Fibre Channel devices to logically connect to a SAN port. The switch port, identified by a WWN or interface number, connects to a Fibre Channel device (a host or another switch), also identified by a WWN. By binding these two devices, you lock these two ports into a group (or list). | Authorizes only the configured sWWN stored in the fabric binding database to participate in the fabric. |
| Requires activation per VSAN. | Requires activation per VSAN. |
| Allows specific user-defined physical ports to which another device can connect. | Allows specific user-defined switches that are allowed to connect to the fabric, regardless of the physical port to which the peer switch is connected. |
| Learns about switches or devices that are logging in if learning mode is enabled. | Does not learn about switches that are logging in. |
| Can be distributed by CFS. | Cannot be distributed by Cisco Fabric Services (CFS) and must be configured manually on each switch in the fabric. |
Port-level checking for xE ports is as follows:
• The switch login uses both port security binding and fabric binding for a given VSAN.
• Binding checks are performed on the port VSAN as follows:
  ◦ E port security binding check on the port VSAN
  ◦ TE port security binding check on each allowed VSAN
While port security complements fabric binding, they are independent features that you can enable or
disable separately.
Fabric Binding Enforcement
You must enable fabric binding in each switch in the fabric that participates in the fabric binding. By default,
this feature is disabled. The configuration and verification commands for the fabric binding feature are only
available when fabric binding is enabled on a switch. When you disable this configuration, all related
configurations are automatically discarded.
To enforce fabric binding, configure the switch world wide name (sWWN) to specify the xE port connection
for each switch. Fabric binding policies are enforced on every activation and when the port tries
to come up. For a Fibre Channel VSAN, the fabric binding feature requires all sWWNs connected to a switch
to be part of the fabric binding active database.
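The port-level checks and the enforcement rule above, modelled in Python as an audit you could run before activating fabric binding. This is an added example, not Cisco code or part of the original guide. The class and function names, the sample sWWNs and interfaces, and the reading that both binding checks apply in every VSAN in scope are assumptions.

```python
from dataclasses import dataclass, field
from typing import Optional

@dataclass
class Vsan:
    # None = feature not activated in this VSAN (both require activation per VSAN).
    fabric_binding: Optional[set] = None   # authorized sWWNs
    port_security: Optional[set] = None    # authorized (interface, sWWN) pairs

@dataclass
class Link:
    interface: str
    mode: str                              # "E" or "TE"
    peer_swwn: str
    port_vsan: int
    allowed_vsans: list = field(default_factory=list)  # only used for TE ports

def vsans_in_scope(link):
    """E port: the port VSAN only. TE port: every allowed VSAN."""
    return [link.port_vsan] if link.mode == "E" else list(link.allowed_vsans)

def failed_checks(link, vsans):
    """Return {vsan_id: [names of the binding checks the peer would fail]}."""
    failures = {}
    swwn = link.peer_swwn.lower()
    for vid in vsans_in_scope(link):
        vsan = vsans.get(vid, Vsan())      # unknown VSAN: nothing activated
        bad = []
        if vsan.fabric_binding is not None and swwn not in vsan.fabric_binding:
            bad.append("fabric-binding")
        if vsan.port_security is not None and (link.interface, swwn) not in vsan.port_security:
            bad.append("port-security")
        if bad:
            failures[vid] = bad
    return failures

def audit(links, vsans):
    """Map each interface to its failing VSANs; links that pass are omitted."""
    return {l.interface: f for l in links if (f := failed_checks(l, vsans))}

# Constructed sample data (not taken from any real fabric).
PEER_A, PEER_B = "20:00:00:05:30:00:aa:01", "20:00:00:05:30:00:bb:02"
VSANS = {
    10: Vsan(fabric_binding={PEER_A}, port_security={("fc2/1", PEER_A)}),
    20: Vsan(fabric_binding={PEER_A, PEER_B}),   # port security not activated
}
LINKS = [Link("fc2/1", "E", PEER_A, port_vsan=10),
         Link("fc2/2", "TE", PEER_B, port_vsan=1, allowed_vsans=[10, 20, 30])]
```

Any interface that `audit(LINKS, VSANS)` reports has a connected peer whose sWWN is missing from a database that would be enforced on activation.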
Cisco Nexus 5500 Series NX-OS SAN Switching Configuration Guide, Release 7.x
OL-30895-01
Configuring Fabric Binding
Information About Fabric Binding