Configuring Port Security
Procedure
Step 1
switch# configure terminal
switch(config)#
Enters configuration mode.
Step 2
switch(config)# port-security distribute
Enables distribution.
Step 3
switch(config)# no port-security distribute
(Optional) Disables distribution.
Example
For example, if you activate port security, follow up by disabling auto-learning, and commit the
changes in the pending database, then the net result of your actions is the same as issuing a
port-security activate vsan vsan-id no-auto-learn command.
All the configurations performed in distributed mode are stored in a pending (temporary) database.
If you modify the configuration, you need to commit or discard the pending database changes to the
configurations. The fabric remains locked during this period. Changes to the pending database are
not reflected in the configurations until you commit the changes.
Note
Port activation or deactivation and auto-learning enable or disable do not take effect until after a CFS
commit if CFS distribution is enabled. Always follow any one of these operations with a CFS commit
to ensure proper configuration. See Activation and Auto-learning Configuration Distribution.
Tip
In this case, we recommend that you perform a commit at the end of each operation: after you activate
port security and after you enable auto-learning.
Locking the Fabric
The first action that modifies the existing configuration creates the pending database and locks the feature in
the VSAN. After you lock the fabric, the following situations apply:
• No other user can make any configuration changes to this feature.
• A copy of the configuration database becomes the pending database.
To display the CFS lock information, use the show cfs lock command. For more information, see the Cisco
MDS 9000 Family Command Reference.
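The following session is an added example, not part of the original guide. It shows the commit-after-each-operation sequence from the Tip together with the lock check described above. VSAN 10 is a constructed value, and the port security feature is assumed to be enabled already on the switches in the fabric.

```cisco
! Added example. VSAN 10 is a constructed value.
switch# configure terminal
switch(config)# port-security distribute

! The first change creates the pending database and locks the feature in the VSAN.
switch(config)# port-security activate vsan 10

! Confirm who holds the lock and review what is pending before committing.
switch(config)# do show cfs lock
switch(config)# do show port-security pending-diff vsan 10

! Commit so that activation takes effect; the commit also ends the locked period.
switch(config)# port-security commit vsan 10

! Second operation, committed on its own.
switch(config)# no port-security auto-learn vsan 10
switch(config)# port-security commit vsan 10

! To discard pending changes instead of committing them:
! switch(config)# port-security abort vsan 10
```

Committing after each operation keeps the lock window short, so other administrators are not blocked from changing this feature in the VSAN longer than necessary.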
Cisco MDS 9000 Series Security Configuration Guide, Release 8.x