Configuring Learned Port Security Configuring Learned Port Security
OmniSwitch AOS Release 8 Network Configuration Guide December 2017 page 33-12
Configuring the LPS Learning Window
By default, the LPS source learning window time limit is set to infinity. This means that there is no limit
on the amount of time during which MAC addresses are learned on all LPS ports. To limit the amount of
time that source learning is allowed on LPS ports, use the port-security learning-window command.
During the time the learning window is open, source MAC addresses that comply with LPS port
restrictions are authorized for source learning on the related LPS port. The following actions trigger the
start of the learning window timer:
• Using the port-security learning-window command. Each time this command is issued, the timer
restarts even if a current window is still open.
• A switch reboot with the port-security learning-window command entry saved in the vcboot.cfg file.
When this command is used to configure the learning window time and related options for the switch,
use the write memory command to ensure the command is saved in the vcboot.cfg file.
The LPS learning window time limit is a switch-wide parameter that applies to all LPS-enabled ports, not
just one or a group of LPS ports. The following command example sets the time limit value to 30 minutes:
-> port-security learning-window 30
Setting the LPS learning window time value to zero (the default) configures an infinite learning window
for LPS ports. For example:
-> port-security learning-window 0
Use the show port-security learning-window command to determine the current settings for the LPS
learning window.
Configuring Learning Window Parameters
In addition to specifying the duration of the LPS learning window, the port-security learning-window
command provides the following parameters for configuring additional learning window options:
Note. When the time limit value expires, source learning of any new dynamic bridged MAC addresses is
stopped on all LPS ports, even if the number of bridged addresses learned does not exceed the maximum
allowed. However, after the window has closed, the switch will continue to learn dynamic filtered MAC
addresses until the maximum number of filtered addresses allowed is reached.
no-aging Specifies whether or not learned dynamic MAC addresses can age
out. See “Configuring the MAC Address Aging Status” on
page 33-13.
convert-to-static Specifies whether or not learned dynamic bridged MAC addresses
are converted to static MAC addresses when the learning window
closes. See “Converting Dynamic MAC Addresses to Static MAC
Addresses” on page 33-13.
learn-as-static Specifies whether or not learned dynamic bridged MAC addresses
are automatically converted to static MAC addresses during the
learning window time frame. See “Learning MAC Addresses as
Static MAC Addresses” on page 33-14.
To Next Page
Loading...
Need help?
General
