If you disable sticky learning, the device resumes dynamic learning.Ī sticky secure MAC address entry remains in the configuration of an interface until one of the following events occurs: When you enable sticky learning on an interface, the device stopsĭynamic learning and performs sticky learning instead. Sticky secure MAC addresses do not appear in the running configuration of an interface.ĭynamic and sticky address learning are mutually exclusive. As a result, addresses learned by the sticky method If you enable the sticky method, the device secures MAC addresses in the same manner as dynamic address learning, but theĭevice stores addresses learned by this method in nonvolatile RAM (NVRAM). You configure the interface to act as a Layer 3 interface The address reaches the age limit that you configured for the interface Of an interface until one of the following events occurs: A dynamic secure MAC address entry remains in the configuration The device stores dynamic secure MAC addresses in memory. Not reached any applicable maximum, it secures the address and allows the traffic. If the address is not yet secured and the device has Secures MAC addresses as ingress traffic passes through the interface. Dynamic Methodīy default, when you enable port security on an interface, you enable the dynamic learning method. You configure the interface to act as a Layer 3 interface.Īdding secure addresses by the static method is not affected by whether dynamic address learning is enabled. You explicitly remove the address from the configuration. If you copy the running configuration to the startup configuration, static secure MAC addresses are unaffected if the deviceĪ static secure MAC address entry remains in the configuration of an interface until one of the following events occurs: The static learning method allows you to manually add or remove secure MAC addresses to the running configuration of an interface. The way that the device stores secure MAC addresses varies depending upon how the device learned the A MAC address can be a secure MAC address on one interface only.įor each interface on which you enable port security, the device can learn a limited number of MAC addresses by the static The process of securing a MAC address is called learning. Unless otherwise specified, the term interface refers to both physical interfaces and port-channel interfaces likewise, the term Layer 2 interface refers to both Layer 2 physical interfaces and Layer 2 port-channel interfaces. That the device can secure is configurable per interface. The device does not allow traffic from these MAC addresses on another interface within the same VLAN. The MAC addresses in the restricted set are called secure MAC addresses. Port security allows you to configure Layer 2 physical interfaces and Layer 2 port-channel interfaces to allow inbound trafficįrom only a restricted set of MAC addresses. This chapter includes the following sections:
#Default cisco mac address aging time how to
This chapter describes how to configure port security on Cisco NX-OS devices. Additional References for Port Security.Example: Configuring Port Security on the vPC Leg.Example: Configuring Port Security on an Orphan Port.Configuration Examples for Port Security in a vPC Domain.Configuration Example for Port Security.Verifying the Port Security Configuration.Configuring a Security Violation Action.Configuring an Address Aging Type and Time.Configuring a Maximum Number of MAC Addresses.
Enabling or Disabling Port Security Globally.Guidelines and Limitations for Port Security on vPCs.Guidelines and Limitations for Port Security.Port Security and Port-Channel Interfaces.
0 kommentar(er)
