Port Security Configuration Distribution
S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m
Enabling Distribution
All the configurations performed in distributed mode are stored in a pending (temporary) database. If
you modify the configuration, you need to commit or discard the pending database changes to the
configurations. The fabric remains locked during this period. Changes to the pending database are not
reflected in the configurations until you commit the changes.
Port activation or deactivation and auto-learning enable or disable do not take effect until after a CFS
Note
commit if CFS distribution is enabled. Always follow any one of these operations with a CFS commit to
ensure proper configuration. See the
on page
For example, if you activate port security, follow up by disabling auto-learning, and commit the changes
in the pending database, then the net result of your actions is the same as issuing a port-security activate
vsan vsan-id no-auto-learn command.
In this case, we recommend that you perform a commit at the end of each operation: after you activate
Tip
port security and after you enable auto learning.
To enable the port security distribution, follow these steps:
Command
Step 1
switch# config t
switch(config)#
Step 2
switch(config)# port-security distribute
switch(config)# no port-security distribute
Locking the Fabric
The first action that modifies the existing configuration creates the pending database and locks the
feature in the VSAN. Once you lock the fabric, the following situations apply:
•
•
Committing the Changes
If you commit the changes made to the configurations, the configurations in the pending database are
distributed to other switches. On a successful commit, the configuration change is applied throughout
the fabric and the lock is released.
To commit the port security configuration changes for the specified VSAN, follow these steps:
Command
Step 1
switch# config t
switch(config)#
Step 2
switch(config)# port-security commit vsan 3
Cisco MDS 9000 Family CLI Configuration Guide
39-12
39-13.
No other user can make any configuration changes to this feature.
A copy of the configuration database becomes the pending database.
"Activation and Auto-learning Configuration Distribution" section
Purpose
Enters configuration mode.
Enables distribution.
Disables distribution.
Purpose
Enters configuration mode.
Commits the port security changes in the specified
VSAN.
Chapter 39
Configuring Port Security
OL-18084-01, Cisco MDS NX-OS Release 4.x