Cisco MDS 9000 Series Configuration Manual page 248

Database Activation Rejection
Step 4
switch(config)# no port-security activate vsan 1
(Optional) Deactivates the port security database for the specified VSAN, and automatically disables
auto-learning.
Example
Note If required, you can disable auto-learning (see the
Database Activation Rejection
Database activation is rejected in the following cases:
• Missing or conflicting entries exist in the configuration database but not in the active database.
• The auto-learning feature was enabled before the activation. To reactivate a database in this state, disable
• The exact security is not configured for each PortChannel member.
• The configured database is empty but the active database is not.
If the database activation is rejected due to one or more conflicts listed in the previous section, you may decide
to proceed by forcing the port security activation.
Forcing Port Security Activation
If the port security activation request is rejected, you can force the activation.
Note An activation using the force option can log out existing devices if they violate the active database.
You can view missing or conflicting entries using the port-security database diff active vsan command in
EXEC mode.
To forcefully activate the port security database, follow these steps:
Procedure
Step 1
switch# configure terminal
switch(config)#
Enters configuration mode.
Step 2 switch(config)# port-security activate vsan 1 force
Cisco MDS 9000 Series Security Configuration Guide, Release 8.x
230
auto-learning.
Disabling Auto-learning, on page
Configuring Port Security
232)