Authorization Scenarios

Assume that the port security feature is activated and the following conditions are specified in the active database:

• A pWWN (P1) is allowed access through interface fc1/1 (F1).
• A pWWN (P2) is allowed access through interface fc1/1 (F1).
• A nWWN (N1) is allowed access through interface fc1/2 (F2).
• Any WWN is allowed access through interface fc1/3 (F3).
• A nWWN (N3) is allowed access through any interface.
• A pWWN (P3) is allowed access through interface fc1/4 (F4).
• A sWWN (S1) is allowed access through interface fc1/10-13 (F10 to F13).
• A pWWN (P10) is allowed access through interface fc1/11 (F11).

Table 37-2 summarizes the port security authorization results for this active database. The conditions listed refer to the conditions from Table 37-1.

Table 37-2 Authorization Results for Scenario 

Device Connection Request	Authorization	Condition	Reason
P1, N2, F1	Permitted	1	No conflict.
P2, N2, F1	Permitted	1	No conflict.
P3, N2, F1	Denied	2	F1 is bound to P1/P2.
P1, N3, F1	Permitted	6	Wildcard match for N3.
P1, N1, F3	Permitted	5	Wildcard match for F3.
P1, N4, F5	Denied	2	P1 is bound to F1.
P5, N1, F5	Denied	2	N1 is only allowed on F2.
P3, N3, F4	Permitted	1	No conflict.
S1, F10	Permitted	1	No conflict.
S2, F11	Denied	7	P10 is bound to F11.
P4, N4, F5 (auto-learning on)	Permitted	3	No conflict.
P4, N4, F5(auto-learning off)	Denied	4	No match.
S3, F5 (auto-learning on)	Permitted	3	No conflict.
S3, F5 (auto-learning off)	Denied	4	No match.
P1, N1, F6 (auto-learning on)	Denied	2	P1 is bound to F1.
P5, N5, F1 (auto-learning on)	Denied	7	Only P1 and P2 bound to F1.
S3, F4 (auto-learning on)	Denied	7	P3 paired with F4.
S1, F3 (auto-learning on)	Permitted	5	No conflict.
P5, N3, F3	Permitted	6	Wildcard ( * ) match for F3 and N3.
P7, N3, F9	Permitted	6	Wildcard ( * ) match for N3.

---

Copyright 2010-2013, Cisco Systems, Inc. All rights reserved.