Question 115 - 350-601 discussion

To enable port security on all Cisco MDS series switches in the fabric and avoid the extensive manual configuration of the switch ports, the network engineer must activate the CFS (Cisco Fabric Services) distribution and enable the auto-learning port security feature on a per-VSAN basis. CFS is a protocol that allows the switches to distribute and synchronize configuration information across the fabric. By activating the CFS distribution for port security, the network engineer can propagate the port security configuration to all the switches in the fabric automatically, without having to configure each switch individually. The auto-learning port security feature allows the switches to learn and store the port security information of the devices that are already logged in and authorized on the ports, and prevent any unauthorized devices from logging in. The auto-learning port security feature can be enabled on a per-VSAN basis, which means that the port security information is specific to each VSAN and does not affect other VSANs. This provides more flexibility and granularity for the port security configuration.Reference:=

Implementing and Operating Cisco Data Center Core Technologies (DCCOR) v1.2, Module 7: Data Center Storage Connectivity, Lesson 7.3: Fibre Channel Protocol

Cisco MDS 9000 Family NX-OS Security Configuration Guide, Chapter: Configuring Port Security