08-24-2017 01:46 PM - edited 03-01-2019 01:39 PM
I'm having issues configuring port security on a Nexus 9504. I'm familiar with port security on IOS but NX-OS is new to me. I'm stuck at turning on the feature, it simply isn't available as a feature and according to the documentation it should be. Additional licensing isn't required. What am I missing?
Ver: nxos.7.0.3.I4.6
Any help is appreciated!
08-24-2017 04:50 PM
So, the "feature port-security" command is not available?
What is the output of "feature port?"
HTH
08-25-2017 06:14 AM
That’s correct. See output below…
9504(config)# feature port
^
% Invalid command at '^' marker.
Or…
9504(config)# feature p?
  password      Credential(s) for the user(s)/device(s)
  pbr           Enable/Disable Policy Based Routing(PBR)
  pim           Enable/Disable Protocol Independent Multicast (PIM)
  private-vlan  Enable/Disable private-vlan
  privilege     Enable/Disable IOS type privilege level support
  ptp           Enable/Disable PTP
08-29-2017 01:36 PM
Maybe this platform does not support port security.
HTH
09-01-2017 12:25 PM
09-12-2017 05:52 AM
Can you run show port-security and post the output of that?
09-13-2017 09:51 AM
Command not available. It acts like it requires additional licensing but according to the documentation it shouldn't. See output below...
9504# sho port-?
port-channel Show port-channel information
09-13-2017 10:55 AM
Hi there,
The reason this CLI isn't parsing out is because port-security was introduced in NX-OS 7.0(3)I5(1) and later. I see that your current version is I4(6).
This is documented both in the Release Notes for 7.0(3)I5(1) under the "Security Feature" section:
Security Features
Port security – Configures Layer 2 physical interfaces and Layer 2 port-channel interfaces to allow inbound traffic from only a restricted set of MAC addresses. Port security is not supported on vPCs, and we do not recommend enabling port security in vPC deployments.
It is also listed in the "New and Changed information" for the 7.x Security Configuration Guide:
Port security | Introduced this feature. | 7.0(3)I5(1) |
You'd have to upgrade the chassis to a version in which this feature is supported.
Hope that helps!
- Andrea
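An added example, not part of the original thread or any Cisco tooling: a Python check that normalises the two version spellings seen above (the image name nxos.7.0.3.I4.6 and the release-note form 7.0(3)I5(1)) and flags switches below the port-security minimum quoted in this answer. The inventory and hostnames are constructed, and releases outside the 7.0(3)I train are reported as unknown rather than guessed.

```python
import re

# Minimum release, from the release-notes excerpt quoted in the thread.
PORT_SECURITY_MIN = "7.0(3)I5(1)"

# CLI form "7.0(3)I4(6)" and image-name form "nxos.7.0.3.I4.6" (optional ".bin").
_CLI = re.compile(r"(\d+)\.(\d+)\((\d+)\)([A-Z])(\d+)\((\d+)([a-z]?)\)")
_IMG = re.compile(r"(?:nxos\.)?(\d+)\.(\d+)\.(\d+)\.([A-Z])(\d+)\.(\d+)([a-z]?)(?:\.bin)?")


def parse_nxos_version(text):
    """Return ((major, minor, maint, train), (release, rebuild, suffix))."""
    m = _CLI.fullmatch(text.strip()) or _IMG.fullmatch(text.strip())
    if m is None:
        raise ValueError(f"unrecognised NX-OS version string: {text!r}")
    major, minor, maint, train, release, rebuild, suffix = m.groups()
    return (int(major), int(minor), int(maint), train), (int(release), int(rebuild), suffix)


def supports_port_security(version):
    """True/False within the 7.0(3)I train; None when this page cannot say."""
    try:
        train, release = parse_nxos_version(version)
    except ValueError:
        return None
    min_train, min_release = parse_nxos_version(PORT_SECURITY_MIN)
    if train != min_train:
        return None  # other trains: consult their own release notes
    return release >= min_release


def audit(inventory):
    """Map each hostname to 'ok', 'upgrade' or 'unknown'."""
    labels = {True: "ok", False: "upgrade", None: "unknown"}
    return {host: labels[supports_port_security(v)] for host, v in inventory.items()}


# Constructed sample inventory; hostnames are hypothetical.
INVENTORY = {
    "n9k-core-1": "nxos.7.0.3.I4.6",   # the version from the original post
    "n9k-core-2": "7.0(3)I5(1)",
    "n9k-core-3": "7.0(3)I7(1)",
    "n9k-edge-1": "9.3(5)",            # different train, not covered here
}

if __name__ == "__main__":
    for host, status in audit(INVENTORY).items():
        print(f"{host}: {status}")
```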
09-14-2017 07:56 AM
Andrea,
Thank you very much for your input. I do have a couple of follow-up questions. You refer to nxos.7.0.3.I4.6 as the issue and recommend a chassis upgrade. Shouldn't I be able to upgrade the NXOS to 7.0(3)I5(1)?
09-14-2017 08:09 AM
Hi there,
That is correct. You would have to upgrade to 7.0(3)I5(1) or later to support this feature. Personally, I'd go to 7.0(3)I7(1), which was recently released and contains vast integrated fixes versus the I5(x) short-lived release.
Thank you!
- Andrea
09-14-2017 09:03 AM
Great, but...do I also need to upgrade the chassis?
09-14-2017 09:19 AM
Hi,
I realize where the confusion is coming from - When I said "upgrade the chassis", I was referring to the NX-OS version of it (not the HW by any means). Sorry about that. TAC habit.
Thanks!
- Andrea
09-14-2017 10:48 AM
Gotcha. Thank you for the clarification. I really didn't want to update my chassis, especially since it's less than six months old.
I'll try this during our next maintenance window.
Thanks again!