Cisco MDS 9000 Family Fabric Manager Configuration Guide
OL-6965-03, Cisco MDS SAN-OS Release 2.x
Chapter 31 Port Security
Configuring Port Security Manually
Activating the Port Security Database
When you activate the port security database, all entries in the configured database are copied to the
active database. After the database is activated, subsequent device login is subject to the activated
port-bound WWN pairs. Additionally, all devices that have already logged into the VSAN at the time of
activation are also learned and added to the active database. If the auto-learn feature is already enabled
in a VSAN, you will not be allowed to activate the database.
To activate port security with auto-learn disabled, follow these steps:
Step 1 From Fabric Manager, choose VSANxxx > Port Security from the Logical Domains pane. You see the
port security configuration for that VSAN in the Information pane.
From Device Manager, choose Security > Port.... You see the Port Security dialog box.
Step 2 Click the Actions tab.
Step 3 Click in the Action column under Activation, next to the switch or VSAN on which you want to activate
port security. You see a drop-down menu with the following options:
• activate—Valid port security settings are activated.
• activate (TurnLearningOff)—Valid port security settings are activated and auto-learn is turned off.
• forceActivate—Activation is forced.
• forceActivate (TurnLearningOff)—Activation is forced and auto-learn is turned off.
• deactivate—All currently active port security settings are deactivated.
• NoSelection—No action is taken.
Step 4 Set the Action field you want for that switch.
Step 5 Uncheck the AutoLearn check box for each switch in the VSAN to disable auto-learning.
Step 6 Click the CFS tab and set the command column to commit on all participating switches in the VSAN.
Step 7 Click the Apply Changes icon in Fabric Manager or Apply in Device Manager to save these changes or
click Undo Changes in Fabric Manager or Close in Device Manager to discard any unsaved changes.
Database Activation Rejection
Database activation is rejected in the following cases:
• Missing or conflicting entries exist in the configuration database but not in the active database.
• If the auto-learn feature was enabled before the activation. To reactivate a database in this state.
• The exact security is not configured for each PortChannel member.
• The configured database is empty but the active database is not.
If the database activation is rejected due to one or more conflicts listed in the previous section, you may
decide to proceed by forcing the port security activation.
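The rejection cases listed above can be checked offline before you choose between activate and forceActivate. The following is an added example, not Cisco code: it works on (WWN, port) pairs you have exported yourself, and the function names, the data layout, and the reading of "missing or conflicting" (a device in the active database has no configured entry, or is configured on a different port) are assumptions.

```python
from collections import defaultdict

def _group(db, key, val):
    """Index (wwn, port) pairs as {pair[key]: {pair[val], ...}}."""
    out = defaultdict(set)
    for pair in db:
        out[pair[key].lower()].add(pair[val].lower())
    return out

def activation_rejections(configured, active, auto_learn, portchannels=None):
    """Return reasons a plain 'activate' would be rejected ([] if none found)."""
    reasons = []
    if auto_learn:
        reasons.append("auto-learn is enabled")
    if not configured and active:
        reasons.append("configured database is empty but active database is not")
        return reasons
    cfg_by_wwn = _group(configured, 0, 1)
    for wwn, ports in sorted(_group(active, 0, 1).items()):
        if wwn not in cfg_by_wwn:            # assumed meaning of "missing"
            reasons.append(f"missing entry: {wwn} is active but not configured")
        elif not ports <= cfg_by_wwn[wwn]:   # assumed meaning of "conflicting"
            reasons.append(f"conflicting entry: {wwn} is configured on another port")
    cfg_by_port = _group(configured, 1, 0)
    for name, members in sorted((portchannels or {}).items()):
        # Every member of a PortChannel must carry the same set of bound WWNs.
        per_member = {frozenset(cfg_by_port.get(m.lower(), ())) for m in members}
        if len(per_member) > 1:
            reasons.append(f"{name}: members do not share the same bindings")
    return reasons

# Constructed sample data, not taken from a real fabric.
CONFIGURED = [("20:00:00:00:00:00:00:01", "fc1/1"),
              ("20:00:00:00:00:00:00:02", "fc1/2"),
              ("20:00:00:00:00:00:00:03", "fc2/1")]
ACTIVE = [("20:00:00:00:00:00:00:01", "fc1/1"),
          ("20:00:00:00:00:00:00:02", "fc1/3"),
          ("20:00:00:00:00:00:00:04", "fc1/4")]
PORTCHANNELS = {"port-channel 1": ["fc2/1", "fc2/2"]}

if __name__ == "__main__":
    for reason in activation_rejections(CONFIGURED, ACTIVE, False, PORTCHANNELS):
        print("would reject:", reason)
```

Each reported reason is something to resolve in the configured database first; forcing activation with entries still missing means those devices are no longer covered by an active binding.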