Cisco MDS 9000 Series Configuration Manual page 243

Configuring Port Security
All Cisco MDS 9000 Series Switches provide port security features that reject intrusion attempts and report
these intrusions to the administrator.
Note
Port security is supported for Fibre Channel ports and Fibre Channel over Ethernet (FCoE) ports as
fc-port-security.
This chapter includes the following sections:
•
•
•
•
•
•
•
•
•
•
•
About Port Security
All switches in the Cisco MDS 9000 Family provide port security features that reject intrusion attempts and
report these intrusions to the administrator.
Typically, any Fibre Channel device in a SAN can attach to any SAN switch port and access SAN services
based on zone membership. Port security features prevent unauthorized access to a switch port in the Cisco
MDS 9000 Family in the following ways:
• Login requests from unauthorized Fibre Channel devices (Nx ports) and switches (xE ports) are rejected.
• All intrusion attempts are reported to the SAN administrator through system messages.
• Configuration distribution uses the CFS infrastructure, and is limited to those switches that are CFS
About Port Security, on page 225
Port Security Configuration, on page 227
Enabling Port Security, on page 229
Port Security Activation, on page 229
Activating Port Security, on page 229
Auto-learning, on page 231
Port Security Manual Configuration, on page 234
Port Security Configuration Distribution, on page 236
Database Merge Guidelines, on page 240
Database Interaction, on page 240
Default Settings, on page 246
capable. Distribution is disabled by default.
C H A P T E R
Cisco MDS 9000 Series Security Configuration Guide, Release 8.x
11
225