IMPORTANT:
When the maximum number of secure MAC address entries is reached, the port changes to secure mode, and no more secure MAC addresses can be added or learned. The port allows only frames sourced from a secure MAC address or a MAC address configured by using the mac-address dynamic or mac-address static command to pass through.
Secure MAC addresses fall into three types: static, sticky, and dynamic.
Table 14 A comparison of static, sticky, and dynamic secure MAC addresses

Type: Static
Address sources: Manually added
Aging mechanism: Not available. They never age out unless you manually remove them, change the port security mode, or disable the port security feature.
Can be saved and survive a device reboot? Yes.

Type: Sticky
Address sources: Manually added or automatically learned when the dynamic secure MAC function (port-security mac-address dynamic) is disabled.
Aging mechanism: Sticky MAC addresses by default do not age out, but you can configure an aging timer or use the aging timer together with the inactivity aging function to delete old sticky MAC addresses:
• If only an aging timer is configured, the aging timer counts up regardless of whether traffic data has been sent from the sticky MAC address.
• If both an aging timer and the inactivity aging function are configured, the aging timer restarts once traffic data is detected from the sticky MAC address.
Can be saved and survive a device reboot? Yes. The secure MAC aging timer restarts at a reboot.

Type: Dynamic
Address sources: Converted from sticky MAC addresses or automatically learned after the dynamic secure MAC function is enabled.
Aging mechanism: Same as sticky MAC addresses.
Can be saved and survive a device reboot? No. All dynamic secure MAC addresses are lost at reboot.
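The aging and reboot rules in Table 14, modelled as an added Python example (not code from the device or its vendor). The class and method names are hypothetical, time is in minutes, a saved configuration is assumed at reboot, and addresses configured with mac-address dynamic or mac-address static are left out.

```python
from dataclasses import dataclass, field
from typing import Optional


@dataclass
class SecureMacTable:
    """Toy model of one autoLearn port (hypothetical names, not device code)."""
    max_count: int                   # port security's limit on MAC addresses
    aging: Optional[float] = None    # aging timer in minutes; None = never age out
    inactivity: bool = False         # inactivity aging function
    dynamic: bool = False            # dynamic secure MAC function
    entries: dict = field(default_factory=dict)  # mac -> [type, timer_start]

    def add_static(self, mac, now):
        self.entries[mac] = ["static", now]

    def expire(self, now):
        # Static entries never age; sticky and dynamic share one aging rule.
        if self.aging is None:
            return
        for mac, (kind, start) in list(self.entries.items()):
            if kind != "static" and now - start >= self.aging:
                del self.entries[mac]

    def frame(self, mac, now):
        """Return True if a frame sourced from `mac` at time `now` passes."""
        self.expire(now)
        if mac in self.entries:
            if self.inactivity:
                self.entries[mac][1] = now  # traffic restarts the aging timer
            return True
        if len(self.entries) >= self.max_count:
            return False  # limit reached: nothing new is learned, frame dropped
        self.entries[mac] = ["dynamic" if self.dynamic else "sticky", now]
        return True

    def reboot(self, now):
        # Dynamic entries are lost; the rest survive and their timer restarts.
        self.entries = {m: [k, now] for m, (k, _) in self.entries.items()
                        if k != "dynamic"}
```

With only the aging timer set, an address that keeps sending traffic is still removed when the timer expires and must be relearned, which can let a different source take the free slot first.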
Configuration prerequisites
• Enable port security.
• Set port security's limit on the number of MAC addresses on the port. Perform this task before you
enable autoLearn mode.
• Set the port security mode to autoLearn.
Configuration procedure
To configure a secure MAC address: