Configuring Port Security Using Wizard; Prerequisites - Cisco AP775A - Nexus Converged Network Switch 5010 Configuration Manual

Chapter 46 Configuring Port Security
S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m
Activate port security on each VSAN. This turns on auto-learning by default. See the
Step 3
Security" section on page
Step 4 Disable auto-learn on each VSAN. See the
Copy the running configuration to the startup configuration This saves the port security configure
Step 5
database to the startup configuration.
Step 6 Repeat

Configuring Port Security Using Wizard

The Port Security Configuration wizard provides step-by-step procedures for setting up the Port Security
Policy for a selected VSAN. The Port Security Configuration wizard also supports the central
management through CFS,making it possible to complete the entire configuration at one place.
The wizard automatically conducts few essential operations. For example, if you want central
management, the wizard conducts operations to check CFS capability, enable CFS, and issue CFS
commit at the proper stages.
To manage security at a particular port, you do not need to run through the wizard to configure the port
security policy from the VSAN wide, but you can directly edit accesses on the port itself. This operation
can be done through the Port Binding dialog box. If the port's belonging switch has not enabled port
security yet, the dialog box enables security first. If the port security is enabled, the dialog box will edit
the policy database based on user operations.

Prerequisites

The prerequisites for configuring Port Security are as follows:
•
•
•
•
•
•
To configure port security, follow these steps:
Click the Port Security
Step 1
Before launching the Port Security Setup Wizard, Fabric Manager checks the CFS capability of the
switches in the VSAN.
If VSAN context is not available, the wizard prompts to select VSAN as shown in
OL-17256-03, Cisco MDS NX-OS Release 4.x
46-9.
Step 1 through Step 5 for all switches in the fabric.
Port Security enabled on the switch.
Port Security Policy should be defined either manually by editing bound devices or switches or ports
or by using autolearning.
Port Security Policy is activated.
Activated and configured databases are synchronized through copy.
Activated database is copied to be the startup configuration.
CFS should be enabled on all switches in the VSAN. A CFS master switch is selected to do all
configurations. All changes will be distributed to the VSAN through the CFS commit command.
"Disabling Auto-learning" section on page
button on the toolbar.
Cisco MDS 9000 Family Fabric Manager Configuration Guide
Port Security Configuration Guidelines
"Activating Port
46-13.
Figure 46-1.
46-5