Configuring Learned Port Security Configuring Learned Port Security
OmniSwitch AOS Release 8 Network Configuration Guide December 2017 page 33-13
Configuring the MAC Address Aging Status
During the learning window time period, dynamically learned MAC addresses may age out before the
learning window time is up. To prevent this from happening, use the no-aging enable parameter option
with the port-security learning-window command.
When this option is enabled, all dynamic bridged MAC addresses are learned as pseudo-static MAC
addresses. This type of address is treated as a regular statically configured address and will not age out,
even after the learning window closes. However, pseudo-static MAC addresses are not saved in the switch
configuration.
The no MAC address aging option is best used in combination with the option that converts dynamic
addresses to static address. Enabling both of these options ensures that no learned MAC addresses will age
out before or after the learning window closes.
By default, the no MAC address aging status is disabled. To enable this option for the learning window,
use the following command:
-> port-security learning-window no-aging enable
To disable this option for the learning window, use the following command:
-> port-security learning-window no-aging disable
Converting Dynamic MAC Addresses to Static MAC Addresses
When the learning window time expires, all the dynamic MAC addresses learned on the LPS ports start to
age out. The convert-to-static parameter option of the port-security learning-window command is used
to specify whether or not these MAC addresses are converted to static addresses when the learning
window time period ends.
By default, converting dynamic MAC addresses to static MAC addresses is disabled. To enable this option
for the learning window, use the following command:
-> port-security learning-window 30 convert-to-static enable
If the LPS learning window time is set to zero (infinity), enabling the convert-to-static option is not
allowed. For example:
-> port-security learning-window 0 convert-to-static enable
ERROR: Convert-to-static cannot be configured along with infinite learning-
window
mac-move Specifies whether or not a pseudo-static MAC address learned on
one LPS port can move to another LPS port in the same VLAN
without getting dropped. See “Configuring the MAC Movement
Status” on page 33-14.
boot-up Specifies whether or not the learning window timer will
automatically start each time the switch restarts. See “Starting the
Learning Window at Boot Up” on page 33-15.
Note. The number of converted static MAC addresses cannot exceed the maximum number of MAC
addresses allowed on the LPS ports.
To Next Page
Loading...
