mac

Commands for PORT SECURITY

160

11.3 switchport port-security

Command: switchport port-security

no switchport port-security

Function: Configure port-security function for the interface, the no command disables

port-security.

Parameter: None.

Default: Disable.

Command Mode: Port mode

Usage Guide: Clear all dynamic MACs after the interface enabled port-security, and all

MACs learnt from the interfaces are tagged with

FDB_TYPE_PORT_SECURITY_DYNAMIC. After disabling port-security of the

interfaces, clear all secure MACs or change them into the dynamic MACs.

Example: Enable port-security on the interface.

Switch(config-if- ethernet1/1)#switchport port-security

11.4 switchport port-security aging

Command: switchport port-security aging {static | time <value> | type {absolute |

inactivity}}

no switchport port-security violation aging {static | time | type}

Function: Enable the aging entries of port-security, and specify the aging time and type

on the interface.

Parameter: static：Enable the aging of the static MAC address configured on the

specified interface.

time <value>：Specify MAC aging time of the interface, its range from 1 to

1440mins. The default value is 0, that means disable the aging.

type：Specify the aging type

absolute：The expiration of the aging timer on the interface, all secure MACs

of the interfaces will get aged and be removed from the MAC table.

inactivity：The expiration of the aging timer on the interface, the entries will

get aged without the traffic, the entries are still kept in the aging period with the traffic.

Default: Do not enable port-security aging, the default aging time is 0.

Aging mode is absolute by default.

The static entries are not aged by default.

Command Mode: Port mode

Usage Guide: None.