CHAPTER 13
Configuring Port Security
This chapter describes how to configure port security on Cisco NX-OS devices.
This chapter includes the following sections:
• About Port Security, on page 303
• Licensing Requirements for Port Security, on page 309
• Prerequisites for Port Security, on page 309
• Default Settings for Port Security, on page 309
• Guidelines and Limitations for Port Security, on page 310
• Guidelines and Limitations for Port Security on vPCs, on page 310
• Configuring Port Security, on page 311
• Verifying the Port Security Configuration, on page 323
• Displaying Secure MAC Addresses, on page 323
• Configuration Example for Port Security, on page 323
• Configuration Examples for Port Security in a vPC Domain, on page 324
• Additional References for Port Security, on page 325
About Port Security
Port security allows you to configure Layer 2 physical interfaces and Layer 2 port-channel interfaces to allow
inbound traffic from only a restricted set of MAC addresses. The MAC addresses in the restricted set are
called secure MAC addresses. In addition, the device does not allow traffic from these MAC addresses on
another interface within the same VLAN. The number of MAC addresses that the device can secure is
configurable per interface.
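The rules in the paragraph above (a per-interface limit on secure MAC addresses, and traffic from a secure MAC address being refused on another interface in the same VLAN) can be modeled as a small decision table. The following is an added, constructed example and not NX-OS code; the interface names, VLAN and MAC addresses are made up, and the "drop" outcome simply stands for "traffic not allowed" as the text describes it.

```python
"""Model of secure-MAC learning rules for port security (constructed example)."""
from dataclasses import dataclass, field


@dataclass
class SecureMacTable:
    # interface -> maximum number of MAC addresses that interface may secure
    limits: dict = field(default_factory=dict)
    # (vlan, mac) -> interface that secured it; a MAC is secure on one interface only
    secured: dict = field(default_factory=dict)

    def enable(self, interface, maximum=1):
        """Enable port security on an interface with a per-interface limit."""
        self.limits[interface] = maximum

    def count(self, interface):
        """Number of MAC addresses currently secured on this interface."""
        return sum(1 for intf in self.secured.values() if intf == interface)

    def ingress(self, interface, vlan, mac):
        """Decide what happens to an inbound frame. Returns (action, reason)."""
        if interface not in self.limits:
            return "forward", "port security not enabled on this interface"
        owner = self.secured.get((vlan, mac))
        if owner == interface:
            return "forward", "secure MAC address on its own interface"
        if owner is not None:
            # Same MAC is already secure on another interface within this VLAN.
            return "drop", f"MAC address is secured on {owner}"
        if self.count(interface) >= self.limits[interface]:
            return "drop", "interface has reached its secure MAC address limit"
        self.secured[(vlan, mac)] = interface  # learning secures the address
        return "forward", "MAC address learned and secured"


def demo():
    """Constructed scenario: two access ports in VLAN 10, Ethernet1/1 limited to 2 MACs."""
    table = SecureMacTable()
    table.enable("Ethernet1/1", maximum=2)
    table.enable("Ethernet1/2", maximum=1)
    frames = [
        ("Ethernet1/1", 10, "00:11:22:33:44:01"),  # learned on Ethernet1/1
        ("Ethernet1/1", 10, "00:11:22:33:44:02"),  # learned; limit now reached
        ("Ethernet1/1", 10, "00:11:22:33:44:03"),  # dropped: limit reached
        ("Ethernet1/2", 10, "00:11:22:33:44:01"),  # dropped: secured on Ethernet1/1
        ("Ethernet1/2", 10, "00:11:22:33:44:09"),  # learned on Ethernet1/2
    ]
    return [table.ingress(*frame)[0] for frame in frames]


if __name__ == "__main__":
    print(demo())
```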
Note: Unless otherwise specified, the term "interface" refers to both physical interfaces and port-channel interfaces; likewise, the term "Layer 2 interface" refers to both Layer 2 physical interfaces and Layer 2 port-channel interfaces.
Secure MAC Address Learning
The process of securing a MAC address is called learning. A MAC address can be a secure MAC address on
one interface only. For each interface on which you enable port security, the device can learn a limited number
Cisco Nexus 9000 Series NX-OS Security Configuration Guide, Release 9.x
303