S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m
37-13
Cisco MDS 9000 Family CLI Configuration Guide
OL-16184-01, Cisco MDS SAN-OS Release 3.x
Chapter 37 Configuring Port Security
Port Security Configuration Distribution
Discarding the Changes
If you discard (abort) the changes made to the pending database, the configuration remains unaffected
and the lock is released.
To discard the port security configuration changes for the specified VSAN, follow these steps:
Activation and Auto-learning Configuration Distribution
Activation and auto-learning configurations in distributed mode are remembered merely as actions to be
performed when you commit the changes in the pending database.
Learned entries are temporary and do not have any role in determining if a login is authorized or not. As
such, learned entries do not participate in distribution. When you disable learning and commit the
changes in the pending database, the learned entries become static entries in the active database and are
distributed to all switches in the fabric. After the commit, the active database on all switches are identical
and learning can be disabled.
If the pending database contains more than one activation and auto-learning configuration when you
commit the changes, then the activation and auto-learning changes are consolidated and the behavior
may change (see
Table 37-3
).
Command
Purpose
Step 1
switch#
config t
switch(config)#
Enters configuration mode.
Step 2
switch(config)#
port-security abort vsan 5
Discards the port security changes in the specified
VSAN and clears the pending configuration
database.
Table 37-3
Scenarios for Activation and Auto-Learning learning Configurations in Distributed Mode
Scenario
Actions
Distribution = OFF
Distribution = ON
A and B exist in the
configuration
database,
activation is not
done and devices
C,D are logged in.
1.
You activate the port
security database and
enable auto-learning.
configuration database = {A,B}
active database = {A,B, C
1
, D*}
configuration database = {A,B}
active database = {null}
pending database = {A,B + activation to
be enabled}
2.
A new entry E is
added to the
configuration
database.
configuration database = {A,B,
E}
active database = {A,B, C*, D*}
configuration database = {A,B}
active database = {null}
pending database = {A,B, E + activation
to be enabled}
3.
You issue a commit.
Not applicable
configuration database = {A,B, E}
active database = {A,B, E, C*, D*}
pending database = empty