[c-nsp] Port security on vPC on n5k => need help

Nicolas V nicovpp59 at gmail.com
Fri Dec 19 03:42:04 EST 2014


I am thinking about enabling the port security feature on 2* 5548 for a vPC
interface (need to specify a static mac address).

I have :
- vPC1 => peer link
- vPC2 => need to specify static mac address

I have read the following cisco doc, but this is not clear to me :


This guideline says :
"You must configure a static secure MAC address on the primary vPC peer.
This MAC address is synchronized with the secondary vPC peer. Do not
configure a static secure MAC address on the secondary peer. This MAC
address appears in the secondary vPC configuration, but does not take
affect. "

I am not using the "config sync" feature, and would like to know how to
setup port security on a vPC safely (I do not want that the vPC1 to be shut
in case mac address is learn on vPC1 instead of vPC2).

Config should be :
on both nexus :

feature port-security

then on nexus1 :
int po2
switchport port-security
switchport port-security mac-address 0011.2233.4455
vpc 2

Do you know :
- How I should configure po2/vpc2 on nexus 2
- if po2 is down on nexus 1, it will se mac address 0011.2233.4455. Could
it block po1/vpc1 ?

Thanks !

More information about the cisco-nsp mailing list