R2511-HP MSR Router Series Security Configuration Guide(V5)
136
Type Address sources Aging mechanism
Can be saved and
survive a device
reboot?
Dynamic
Converted from sticky
MAC addresses or
automatically learned
after the dynamic
secure MAC function
is enabled.
Same as sticky MAC addresses.
No.
All dynamic secure
MAC addresses are
lost at reboot.
Configuration prerequisites
• Enable port security.
• Set port security's limit on the number of MAC addresses on the port. Perform this task before you
enable autoLearn mode.
• Set the port security mode to autoLearn.
Configuration procedure
To configure a secure MAC address:
Ste
p
Command
Remarks
1. Enter system view.
system-view N/A
2. Set the secure MAC
aging timer.
port-security timer autolearn aging
time-value
Optional.
By default, secure MAC addresses
do note age out, and you can
remove them only by performing
the undo port-security
mac-address security command,
changing the port security mode,
or disabling the port security
feature.
3. Configure a secure
MAC address.
• In system view:
port-security mac-address security
[sticky] mac-address interface
interface-type interface-number vlan
vlan-id
• In interface view:
a. interface interface-type
interface-number
b. port-security mac-address
security [ sticky ] mac-address
vlan vlan-id
c. quit
Use either method.
No secure MAC address exists by
default.
4. Enter Layer 2 Ethernet
port view.
interface interface-type interface-number
N/A
5. Enable inactivity
aging.
port-security mac-address aging-type
inactivity
Optional.
By default, the inactivity aging
function is disabled.