hit counter script

Guidelines And Limitations For Port Security; Guidelines And Limitations For Port Security On Vpcs - Cisco Nexus 9000 Series Configuration Manual

Nx-os security configuration guide, release 9.x
Hide thumbs Also See for Nexus 9000 Series:
Table of Contents

Advertisement

Guidelines and Limitations for Port Security

Parameters
Security violation action
Guidelines and Limitations for Port Security
When configuring port security, follow these guidelines:
• Port security does not support switched port analyzer (SPAN) destination ports.
• Port security does not depend upon other features.
• Port security is not supported on VXLAN interfaces.
• Port security is supported for FEX interfaces only in non-vPC deployments on Cisco Nexus 9300-EX
• There is no supported method of disabling the USB port on Cisco Nexus 9000 Series switches.
• After configuring the association between the primary and secondary VLANs and deleting the association,

Guidelines and Limitations for Port Security on vPCs

Apart from the guidelines and limitations for port security, check that you can meet the following guidelines
and limitations for port security on vPCs:
• Port security is not supported on FEX interfaces in vPC deployments.
• You must enable port security globally on both vPC peers in a vPC domain.
• You must enable port security on the vPC interfaces of both vPC peers.
• You must configure a static secure MAC address on the primary vPC peer. The static MAC address is
• You must ensure that the maximum MAC count value remains the same for both primary and secondary
Cisco Nexus 9000 Series NX-OS Security Configuration Guide, Release 9.x
310
Series switches.
all static MAC addresses that were created on the primary VLANs remain on the primary VLAN only.
Note
In some cases, the configuration is accepted with no error messages, but the
commands have no effect.
After configuring the association between the primary and secondary VLANs:
• Static MAC addresses for the secondary VLANs cannot be created.
• Dynamic MAC addresses that learned the secondary VLANs are aged out.
synchronized with the secondary vPC peer. You can also configure a static secure MAC address on the
secondary peer. The second static MAC address appears in the secondary vPC configuration but does
not take affect.
vPC ports.
Default
Shutdown
Configuring Port Security

Hide quick links:

Advertisement

Table of Contents
loading

Table of Contents

Save PDF