In the interface configuration mode, execute no switchport port-security aging time to
disable the port security aging. Execute the no switchport port-security aging static to
apply the aging time only to dynamically learned security address.
The example below describes how to configure the port security aging time on interface
Gigabitethernet 0/3. The aging time is set to 8 minutes and it is applicable to
statically-configured security addresses:
DGS-3610# configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
DGS-3610(config)# interface gigabitthernet 0/3
DGS-3610(config-if)# switchport port-security aging time 8
DGS-3610(config-if)# switchport port-security aging static
DGS-3610(config-if)# end
36.3.2.6 Configuring ARP Check of Security
Addresses
ARP check can avoid bogus ARP on secure ports and prevent illegal information from
pretending to be the IP address of key network device, causing network communication
disorder.
ARP check restriction:
1. With ARP check enabled, the maximum number of security addresses binding IP on all
ports is halved.
2. The ARP check does not take effect for existing security addresses. To validate a
configured security address, you can disable it and then enable it. In ARP check, the
strategy management module is used, sharing hardware resources with other strategy
management modules. In case of hardware resource shortage, the ARP check of some
security addresses may not take effect.
3. When many security address entries of MAC+IP exist, the ARP Check Cpu function has a
great impact on the CPU performance and can reduce the CPU efficiency.
By default, a security address only checks IP packets. The administrator needs to check the
validity of ARP packets. Execute the following command to enable ARP check in the
interface configuration mode.
To Next Page
Loading...
Need help?
General