1-9
Configuring Security MAC Addresses
Security MAC addresses are special MAC addresses that never age out. One security MAC address
can be added to only one port in the same VLAN so that you can bind a MAC address to one port in the
same VLAN.
Security MAC addresses can be learned by the auto-learn function of port security or manually
configured.
Before adding security MAC addresses to a port, you must configure the port security mode to
autolearn
. After this configuration, the port changes its way of learning MAC addresses as follows.
z
The port deletes original dynamic MAC addresses;
z
If the amount of security MAC addresses has not yet reach the maximum number, the port will
learn new MAC addresses and turn them to security MAC addresses;
z
If the amount of security MAC addresses reaches the maximum number, the port will not be able to
learn new MAC addresses and the port mode will be changed from
autolearn
to
secure
.
The security MAC addresses manually configured are written to the configuration file; they will not get
lost when the port is up or down. As long as the configuration file is saved, the security MAC addresses
can be restored after the switch reboots.
Configuration prerequisites
z
Port security is enabled.
z
The maximum number of security MAC addresses allowed on the port is set.
z
The security mode of the port is set to
autolearn
.
Configuring a security MAC address
Follow these steps to configure a security MAC address:
To do...
Use the command...
Remarks
Enter system view
system-view
—
In system
view
mac-address security mac-address
interface interface-type interface-number vlan
vlan-id
interface
interface-type interface-number
Add a security
MAC address
In Ethernet
port view
mac-address security mac-address vlan
vlan-id
Either is
required.
By default, no
security MAC
address is
configured.