•
If an N port is allowed to log in to a SAN switch port F, that N port can only log in through the specified
F port.
•
If an N port
’
s nWWN is bound to an F port WWN, all pWWNs in the N port are implicitly paired with
the F port.
•
TE port checking is done on each VSAN in the allowed VSAN list of the VSAN trunk port.
•
You must configure all port channel xE ports with the same set of WWNs in the same SAN port channel.
•
E port security is implemented in the port VSAN of the E port. In this case, the sWWN is used to secure
authorization checks.
•
Once activated, you can modify the configuration database without any effect on the active database.
•
By saving the running configuration, you save the configuration database and activated entries in the
active database. Learned entries in the active database are not saved.
Adding Authorized Port Pairs
After identifying the WWN pairs that need to be bound, you can add those pairs to the port security database.
Remote switch binding can be specified at the local switch. To specify the remote interfaces, you can use
either the fWWN or sWWN-interface combination.
Tip
Procedure
Purpose
Command or Action
Enters global configuration mode.
configure terminal
Example:
switch# configure terminal
switch(config)#
Step 1
Enters the port security database mode for
the specified VSAN.
port-security database vsan vsan-id
Example:
switch(config)# port-security database
vsan 25
Step 2
Deletes the port security configuration
database from the specified VSAN.
no port-security database vsan vsan-id
Example:
switch(config)# no port-security database
vsan 25
Step 3
Configures the specified sWWN to only log
in through SAN port channel 5.
switch(config-port-security)#
swwn swwn-id
interface san-port-channel 5
Example:
switch(config-port-security)# swwn
21:00:05:30:23:1a:11:03 interface
san-port-channel 5
Step 4
Cisco Nexus 5500 Series NX-OS SAN Switching Configuration Guide, Release 7.x
256
OL-30895-01
Configuring Port Security
Port Security Manual Configuration