1 The * (asterisk) indicates learned entries.
Merging the Port Security Database
A database merge refers to a union of the configuration database and static (unlearned) entries in the active
database.
When merging the database between two fabrics, follow these guidelines:
•
Verify that the activation status and the auto-learning status is the same in both fabrics.
•
Verify that the combined number of configurations for each VSAN in both databases does not exceed
2000.
If you do not follow these two conditions, the merge will fail. The next distribution forcefully synchronizes
the databases and the activation states in the fabric.
Caution
For additional information, refer to CFS Merge Support in the Series System Management Configuration
Guide for your device.
Database Interaction
The following table lists the differences and interaction between the active and configuration databases.
Table 37: Active and Configuration Port Security Databases
Configuration Database
Active Database
Read-write.
Read-only.
Saving the configuration saves all the entries in the
configuration database.
Saving the configuration only saves the activated
entries. Learned entries are not saved.
Once activated, the configuration database can be
modified without any effect on the active database.
Once activated, all devices that have already logged
into the VSAN are also learned and added to the
active database.
You can overwrite the configuration database with
the active database.
You can overwrite the active database with the
configured database by activating the port security
database. Forcing an activation may violate the entries
already configured in the active database.
Cisco Nexus 5500 Series NX-OS SAN Switching Configuration Guide, Release 7.x
OL-30895-01
261
Configuring Port Security
Merging the Port Security Database