Configuring Port Security Using the Configuration Wizard

The Port Security Configuration wizard provides step-by-step procedures for setting up the Port Security Policy for a selected VSAN. The Port Security Configuration wizard also supports the central management through CFS, making it possible to complete the entire configuration at one place.

The wizard automatically conducts few essential operations. For example, if you want central management, the wizard conducts operations to check CFS capability, enable CFS, and issue CFS commit at the proper stages.

To manage security at a particular port, you do not need to run through the wizard to configure the port security policy from the VSAN wide, but you can directly edit accesses on the port itself. This operation can be done through the Port Binding dialog box. If the port's belonging switch has not enabled port security yet, the dialog box enables security first. If the port security is enabled, the dialog box will edit the policy database based on user operations.

CFS should be enabled on all switches in the VSAN. A CFS master switch is selected to do all configurations. All changes will be distributed to the VSAN through the CFS commit command.

Prerequisites

• Enable port security on the switch.
• Define port security policy either manually by editing bound devices or switches or ports or by using autolearning.
• Activate port security policy.
• Ensure that activated and configured databases are synchronized through copy.
• Copy the activated database to be the startup configuration.

Detailed Steps

To configure port security, follow these steps:

1. Click the Port Security button on the toolbar.

Before launching the Port Security Setup Wizard, DCNM-SAN checks the CFS capability of the switches in the VSAN.

If VSAN context is not available, the wizard prompts to select VSAN .

2. Select the VSAN from the list and click OK.
3. Do the following in the Select Master Switch page:
• Select the required master switch.
• Select Automatically learn all logged in ports in VSAN to Autolearn port configuration.
4. Click Next to proceed.

You see the Edit and Activate Configuration page.

Note     From Cisco NX-OS Release 5.2, devices can bind to vFC interfaces.

5. Click Insert to create port binding.

Note     When interfaces are inserted for binding, vFC ports can be selected.

6. Two types of port binding can be created using the Insert Port Security Devices dialog box:
• Port WWN-pWWN bound to an interface WWN.
• Switch-Switch WWN bound to an interface. (Mainly useful for ISL binding).
7. Select the type of port binding by clicking the radio buttons and enter the supporting values.
8. Click OK.
9. Click Close to exit the Insert Port Security window.

Note     To delete an entry in the Edit and Activate Configuration page of the wizard, select the entry and click the Delete button.

10. Click Finish to complete the Port Security Configuration for the selected switch.

---

Copyright 2010-2013, Cisco Systems, Inc. All rights reserved.