Activation and Auto-learning Configuration Distribution

Activation and auto-learning configurations in distributed mode are remembered as actions to be performed when you commit the changes in the pending database.

Learned entries are temporary and do not have any role in determining if a login is authorized or not. As such, learned entries do not participate in distribution. When you disable learning and commit the changes in the pending database, the learned entries become static entries in the active database and are distributed to all switches in the fabric. After the commit, the active database on all switches are identical and learning can be disabled.

If the pending database contains more than one activation and auto-learning configuration when you commit the changes, then the activation and auto-learning changes are consolidated and the behavior may change (see Table 37-3).

Table 37-3 Scenarios for Activation and Auto- learning Configurations in Distributed Mode 

Scenario

Actions

Distribution = OFF

Distribution = ON

A and B exist in the configuration database, activation is not done and devices C,D are logged in.

  1. You activate the port security database and enable auto-learning.

configuration database = {A,B}

active database = {A,B, C1, D*}

configuration database = {A,B}

active database = {null}

pending database = {A,B + activation to be enabled}

  1. A new entry E is added to the configuration database.

configuration database = {A,B, E}

active database = {A,B, C*, D*}

configuration database = {A,B}

active database = {null}

pending database = {A,B, E + activation to be enabled}

  1. You issue a commit.

Not applicable

configuration database = {A,B, E}

active database = {A,B, E, C*, D*}

pending database = empty

A and B exist in the configuration database, activation is not done and devices C,D are logged in.

  1. You activate the port security database and enable auto-learning.

configuration database = {A,B}

active database = {A,B, C*, D*}

configuration database = {A,B}

active database = {null}

pending database = {A,B + activation to be enabled}

  1. You disable learning.

configuration database = {A,B}

active database = {A,B, C, D}

configuration database = {A,B}

active database = {null}

pending database = {A,B + activation to be enabled +
learning to be disabled}

  1. You issue a commit.

Not applicable

configuration database = {A,B}

active database = {A,B} and devices C and D are logged out. This is equal to an activation with auto-learning disabled.

pending database = empty

1The * (asterisk) indicates learned entries.

Tip     In this case, we recommend that you perform a commit at the end of each operation: after you activate port security and after you enable auto-learning.


Copyright 2010-2013, Cisco Systems, Inc. All rights reserved.