API Guide

To shut down an interface on a MAC address learning limit violation, use the shutdown option.
OS10(config-if-port-sec)# mac-learn limit violation shutdown
MAC address learning limit violation actions configuration example
OS10# configure terminal
OS10(config)# interface ethernet 1/1/1
OS10(config-if-eth1/1/1)# switchport port-security
OS10(config-if-port-sec)# no disable
OS10(config-if-port-sec)# mac-learn limit 100
OS10(config-if-port-sec)# mac-learn limit violation shutdown
OS10(config-if-port-sec)# end
OS10# write memory
Configure sticky MAC addresses
Rationale: When you reload the system, port security removes the dynamically learned secure MAC addresses. You can use the
sticky feature to make the dynamically learned secure MAC addresses persist even after a system reboot so that the interface
does not have to learn these MAC addresses again.
Configuration:
Enter the following command in INTERFACE PORT SECURITY mode:
sticky
NOTE: Before enabling sticky MAC address learning, ensure that you restrict the number of MAC addresses that an
interface can learn using the mac-learn limit command.
Sticky MAC addresses configuration example
OS10# configure terminal
OS10(config)# interface ethernet 1/1/1
OS10(config-if-eth1/1/1)# switchport port-security
OS10(config-if-port-sec)# no disable
OS10(config-if-port-sec)# mac-learn limit 100
OS10(config-if-port-sec)# sticky
OS10(config-if-port-sec)# end
OS10# write memory
MAC address movement
Rationale: A MAC address movement happens when the system detects, on one interface, a MAC address that it has
already learned through another port security-enabled interface on the same broadcast domain. MAC address movement is not
allowed for secure static and sticky MAC addresses. By default, MAC address movement for dynamically learned MAC addresses
is disabled on the system. Secure dynamic MAC address movement is allowed between port-security-enabled and
port-security-disabled interfaces.
Configuration:
Use the following command in INTERFACE PORT SECURITY mode:
OS10(config-if-port-sec)# mac-move allow
OS10(config-if-port-sec)# end
OS10# write memory
MAC address movement configuration example
OS10# configure terminal
OS10(config)# interface ethernet 1/1/1
OS10(config-if-eth1/1/1)# switchport port-security
OS10(config-if-port-sec)# no disable
OS10(config-if-port-sec)# mac-learn limit 100
OS10(config-if-port-sec)# mac-move allow
OS10(config-if-port-sec)# end
OS10# write memory
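Added example (not part of the original guide and not Dell code): a small Python audit that reads port-security command lines, with or without the CLI prompt, and flags interfaces where sticky is set without a mac-learn limit or where mac-move allow relaxes the default.
Assumptions: the input uses the same command text shown on this page, the function name and finding labels are hypothetical, and flagging a missing "no disable" is an inference from the page's examples, which always issue it.

```python
import re

PROMPT = re.compile(r"^\S+#\s*")  # interactive prompt, e.g. "OS10(config-if-port-sec)#"
IFACE = re.compile(r"^interface ethernet ?(\S+)$")
FLAGS = {"switchport port-security": "portsec", "sticky": "sticky", "mac-move allow": "mac_move"}

def audit_port_security(text):
    """Map each port-security interface to findings; assumes a leading 'no' negates a command."""
    ifaces, cur = {}, None
    for raw in text.splitlines():
        line = " ".join(PROMPT.sub("", raw.strip()).lower().split())
        if m := IFACE.match(line):
            cur = ifaces.setdefault("ethernet" + m.group(1), {"enabled": False, "limit": None})
        elif line in ("end", "!"):
            cur = None
        elif cur is not None:
            neg, cmd = (True, line[3:]) if line.startswith("no ") else (False, line)
            if cmd in FLAGS:
                cur[FLAGS[cmd]] = not neg
            elif cmd == "disable":
                cur["enabled"] = neg
            elif not neg and (m := re.match(r"mac-learn limit (\d+)$", cmd)):
                cur["limit"] = int(m.group(1))
    report = {}
    for name, s in ifaces.items():
        if s.get("portsec"):
            checks = {"no-disable-missing": not s["enabled"],
                      "sticky-without-limit": s.get("sticky") and s["limit"] is None,
                      "mac-move-allowed": s.get("mac_move")}
            report[name] = [code for code, hit in checks.items() if hit]
    return report

# Constructed sample: stanza 1 repeats the page's sticky example; stanzas 2 and 3 are made up.
SAMPLE = """OS10(config)#interface ethernet 1/1/1
OS10(config-if-eth1/1/1)#switchport port-security
OS10(config-if-port-sec)#no disable
OS10(config-if-port-sec)#mac-learn limit 100
OS10(config-if-port-sec)#sticky
OS10(config-if-port-sec)# end
interface ethernet 1/1/2
switchport port-security
no disable
sticky
interface ethernet 1/1/3
switchport port-security
mac-move allow"""

if __name__ == "__main__":
    print(audit_port_security(SAMPLE))
```

An empty list means none of the three checks fired for that interface.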
Configure MAC address movement violation actions
OS10 security best practices