Send documentation comments to mdsfeedback-doc@cisco.com
19-9
Cisco MDS 9000 Family Troubleshooting Guide, Release 3.x
OL-9285-05
Chapter 19 Troubleshooting FC-SP, Port Security, and Fabric Binding
Port Security Issues
Verifying the Active Port Security Database Using Fabric Manager
To verify the active port security database using Fabric Manager, follow these steps:
Step 1 Choose Fabricxx > VSANxx > Port Security and select the Active Database tab to view the active
entries in the database.
Step 2 Select the Actions tab, check the CopyToConfig check box, and click Apply Changes to copy the active
database to the configure database.
Step 3 Select the CFS tab, if CFS is enabled, and select commit from the ConfigAction drop-down menu to
distribute these changes to all switches in the fabric.
Step 4 Select the Config Database tab and click Add Row to add a new entry into the configure database.
Step 5 Fill in the WWNs and interface fields and click Create.
Step 6 Select the CFS tab, if CFS is enabled, and select commit from the ConfigAction drop-down menu to
distribute these changes to all switches in the fabric.
Step 7 Select the Actions tab, select activate(TurnLearning off) from the Action drop-down menu, and click
Apply Changes to copy the configure database to the active database and reactivate port security.
Step 8 Select the CFS tab, if CFS is enabled, and select commit from the ConfigAction drop-down menu to
distribute these changes to all switches in the fabric.
Verifying the Active Port Security Database Using the CLI
To verify the active port security database using the CLI, follow these steps:
Step 1 Use the show port-security database active command to view the active entries in the database.
switch# show port-security database active
----------------------------------------------------------------------------------------
VSAN Logging-in Entity Logging-in Point (Interface) Learnt
----------------------------------------------------------------------------------------
3 21:00:00:e0:8b:06:d9:1d(pwwn) 20:0d:00:05:30:00:95:de(fc1/13) Yes
3 50:06:04:82:bc:01:c3:84(pwwn) 20:0c:00:05:30:00:95:de(fc1/12)
4 20:00:00:05:30:00:95:df(swwn) 20:0c:00:05:30:00:95:de(port-channel 128)
5 20:00:00:05:30:00:95:de(swwn) 20:01:00:05:30:00:95:de(fc1/1)
[Total 4 entries]
Step 2 Use the port-security database copy command to copy the active database to the configure database.
This ensures that no learned entries are lost.
switch# port-security database copy vsan 1
Step 3 Use the port-security database command to add a new entry into the configure database.
switch(config)# port-security database vsan 3
switch(config-port-security)# pwwn 20:11:33:11:00:2a:4a:66 swwn 20:00:00:0c:85:90:3e:80
interface fc1/13
Step 4 Use the port-security activate command to copy the configure database to the active database and
reactivate port security.
switch(config)# port-security activate vsan 1