Configuration Examples for Port Security in a vPC Domain
The following example shows how to enable and configure port security on vPC peers in a vPC domain. The
first switch is the primary vPC peer and the second switch is the secondary vPC peer. Before configuring port
security on the switches, create the vPC domain and check that the vPC peer-link adjacency is established.
Example: Configuring Port Security on an Orphan Port
primary_switch(config)# feature port-security
primary_switch(config)# int e1/1
primary_switch(config-if)# switchport port-security
primary_switch(config-if)# switchport port-security max 1025
primary_switch(config-if)# switchport port-security violation restrict
primary_switch(config-if)# switchport port-security aging time 4
primary_switch(config-if)# switchport port-security aging type absolute
primary_switch(config-if)# switchport port-security mac sticky
primary_switch(config-if)# switchport port-security mac-address 0.0.1 vlan 101
primary_switch(config-if)# switchport port-security mac-address 0.0.2 vlan 101
primary_switch(config-if)# copy running-config startup-config

secondary_switch(config)# feature port-security
secondary_switch(config)# int e3/1
secondary_switch(config-if)# switchport port-security
secondary_switch(config-if)# switchport port-security max 1025
secondary_switch(config-if)# switchport port-security violation restrict
secondary_switch(config-if)# switchport port-security aging time 4
secondary_switch(config-if)# switchport port-security aging type absolute
secondary_switch(config-if)# switchport port-security mac sticky
secondary_switch(config-if)# switchport port-security mac-address 0.0.1 vlan 101
secondary_switch(config-if)# switchport port-security mac-address 0.0.2 vlan 101
secondary_switch(config-if)# copy running-config startup-config
Example: Configuring Port Security on the vPC Leg
primary_switch(config)# feature port-security
primary_switch(config)# int po10
primary_switch(config-if)# switchport port-security
primary_switch(config-if)# switchport port-security max 1025
primary_switch(config-if)# switchport port-security violation restrict
primary_switch(config-if)# switchport port-security aging time 4
primary_switch(config-if)# switchport port-security aging type absolute
primary_switch(config-if)# switchport port-security mac sticky
primary_switch(config-if)# switchport port-security mac-address 0.0.1 vlan 101
primary_switch(config-if)# switchport port-security mac-address 0.0.2 vlan 101
primary_switch(config-if)# vpc 10
primary_switch(config-if)# copy running-config startup-config

secondary_switch(config)# feature port-security
secondary_switch(config)# int po10
secondary_switch(config-if)# switchport port-security
secondary_switch(config-if)# switchport port-security max 1025
secondary_switch(config-if)# switchport port-security violation restrict
secondary_switch(config-if)# switchport port-security aging time 4
secondary_switch(config-if)# switchport port-security aging type absolute
secondary_switch(config-if)# switchport port-security mac sticky
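
The vPC leg example applies the same port-security settings to po10 on both peers. The following Python script is an added example, not part of the Cisco guide: it parses two CLI transcripts in the prompt-plus-command form shown above and reports port-security lines that appear on one peer's interface but not the other's. The function names are hypothetical, and the secondary transcript is constructed with deliberate drift.

```python
import re

# Strips a leading NX-OS config prompt such as "primary_switch(config-if)# ".
PROMPT = re.compile(r"^\S+\(config[^)]*\)#\s*")
# Matches "int po10", "interface port-channel10", "interface port-channel 10".
IFACE = re.compile(r"^int(?:erface)?\s+(.+)$", re.I)

def port_security_by_interface(text):
    """Map interface name -> set of 'switchport port-security ...' commands."""
    result, current = {}, None
    for raw in text.splitlines():
        line = " ".join(PROMPT.sub("", raw.strip()).split())
        m = IFACE.match(line)
        if m:
            current = m.group(1).replace(" ", "").lower()
            result.setdefault(current, set())
        elif current and line.startswith("switchport port-security"):
            result[current].add(line)
    return result

def peer_drift(primary_text, secondary_text, iface):
    """Return port-security commands present on only one peer for iface."""
    key = iface.replace(" ", "").lower()
    p = port_security_by_interface(primary_text).get(key, set())
    s = port_security_by_interface(secondary_text).get(key, set())
    return {"primary_only": sorted(p - s), "secondary_only": sorted(s - p)}

# Primary transcript: commands taken from the vPC leg example above.
PRIMARY = """\
primary_switch(config)# feature port-security
primary_switch(config)# int po10
primary_switch(config-if)# switchport port-security
primary_switch(config-if)# switchport port-security max 1025
primary_switch(config-if)# switchport port-security violation restrict
primary_switch(config-if)# switchport port-security aging time 4
primary_switch(config-if)# switchport port-security aging type absolute
primary_switch(config-if)# switchport port-security mac sticky
primary_switch(config-if)# vpc 10
"""

# Constructed secondary transcript: aging time differs, sticky is missing.
SECONDARY = """\
secondary_switch(config)# feature port-security
secondary_switch(config)# int po10
secondary_switch(config-if)# switchport port-security
secondary_switch(config-if)# switchport port-security max 1025
secondary_switch(config-if)# switchport port-security violation restrict
secondary_switch(config-if)# switchport port-security aging time 10
secondary_switch(config-if)# switchport port-security aging type absolute
"""

if __name__ == "__main__":
    print(peer_drift(PRIMARY, SECONDARY, "po10"))
```

The comparison is textual, so both inputs must use the same command spelling (for example `max` on both sides, not `max` on one and `maximum` on the other).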
Cisco Nexus 9000 Series NX-OS Security Configuration Guide, Release 9.x
Configuring Port Security