Cisco MDS 9000 Family Fabric Manager Configuration Guide
OL-6965-03, Cisco MDS SAN-OS Release 2.x
Chapter 31 Port Security
About Port Security
Auto-Learning Device Authorization
Table 31-1 summarizes the authorized connection for device requests.
Port Security Enforcement
If you choose to manually configure port security, you must configure the devices and switch port
interfaces through which each device or switch is connected:
• Use the port world wide name (pWWN) or the node world wide name (nWWN) to specify the Nx
  port connection for each device.
• Use the switch world wide name (sWWN) to specify the xE port connection for each switch.
Each Nx and xE port can be configured to restrict a single port or a range of ports.
Port security policies are enforced on every activation and when the port tries to come up.
The port security feature requires all devices connecting to a switch to be part of the port security active
database. The software uses this active database to enforce authorization.
By default, the port security feature is not activated in any switch in the Cisco MDS 9000 Family.
Table 31-1 Auto-Learn Device Authorization

Device (pWWN, nWWN, sWWN)                 Requests Connection to                    Authorization                     Condition
----------------------------------------  ----------------------------------------  --------------------------------  ---------
Configured with one or more switch ports  A switch on configured ports              Permitted                         1
Configured with one or more switch ports  A switch on other ports                   Denied                            2
Not configured                            A port that is not configured             Permitted if auto-learn enabled   3
Not configured                            A port that is not configured             Denied if auto-learn disabled     4
Configured or not configured              A switch port that allows any device      Permitted                         5
Configured to log in to any switch port   Any port on the switch                    Permitted                         6
Not configured                            A port configured with some other device  Denied                            7
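
Table 31-1 can be read as a decision procedure. The following Python sketch is an added example, not Cisco code: it models the active database as (device WWN, port) bindings and returns the table's condition number for each login request. The WWNs, the "*" wildcard notation and the order in which the rows are checked are assumptions made for the illustration.

```python
# Added illustration of Table 31-1; not Cisco software.
ANY = "*"  # assumed wildcard notation: "any device" or "any port"

def authorize(active_db, device_wwn, port, auto_learn):
    """Return (permitted, condition), condition being the Table 31-1 row.

    active_db is an iterable of (device_wwn, port) bindings. The check
    order below is an assumption; the table does not state precedence.
    """
    device_ports = {p for d, p in active_db if d == device_wwn}
    port_devices = {d for d, p in active_db if p == port}

    if ANY in device_ports:        # device may log in on any switch port
        return True, 6
    if ANY in port_devices:        # port allows any device
        return True, 5
    if device_ports:               # device is bound to specific ports
        return (True, 1) if port in device_ports else (False, 2)
    if port_devices:               # unknown device, port bound to another device
        return False, 7
    # unknown device on an unconfigured port: auto-learn decides
    return (True, 3) if auto_learn else (False, 4)

# Constructed sample data (WWNs are made up for this example).
HOST_A = "21:00:00:00:00:00:00:01"
HOST_B = "21:00:00:00:00:00:00:02"
HOST_C = "21:00:00:00:00:00:00:03"   # not present in the database
SAMPLE_DB = [
    (HOST_A, "fc1/1"),   # host A bound to one port
    (ANY, "fc1/2"),      # fc1/2 accepts any device
    (HOST_B, ANY),       # host B may use any port
]

def evaluate(requests, auto_learn):
    """Run a batch of (device, port) login requests against SAMPLE_DB."""
    return [authorize(SAMPLE_DB, d, p, auto_learn) for d, p in requests]

if __name__ == "__main__":
    reqs = [(HOST_A, "fc1/1"), (HOST_A, "fc1/3"), (HOST_C, "fc1/3"),
            (HOST_C, "fc1/1"), (HOST_C, "fc1/2"), (HOST_B, "fc1/1")]
    for learn in (True, False):
        for (dev, port), (ok, cond) in zip(reqs, evaluate(reqs, learn)):
            verdict = "permit" if ok else "deny"
            print(f"auto-learn={learn} {dev} -> {port}: {verdict} (condition {cond})")
```
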