Configuration procedure

To configure a secure MAC address:

Step

Command

Remarks

1. Enter system view.

system-view

N/A

2. Set the secure MAC aging timer.

port-security timer autolearn aging time-value

Optional.

By default, secure MAC addresses do note age out, and you can remove them only by executing the undo port-security mac-address security command, changing the port security mode, or disabling the port security feature.

3. Configure a secure MAC address.

  • Approach 1 (in system view):port-security mac-address security [sticky] mac-address interface interface-type interface-number vlan vlan-id

  • Approach 2 (in Layer 2 Ethernet interface view):

    1. interface interface-type interface-number

    2. port-security mac-address security [ sticky ] mac-address vlan vlan-id

    3. quit

Use either approach.

No secure MAC address exists by default.

4. Enter Layer 2 Ethernet port view.

interface interface-type interface-number

N/A

5. Enable inactivity aging.

port-security mac-address aging-type inactivity

Optional.

By default, the inactivity aging function is disabled.

6. Enable the dynamic secure MAC function.

port-security mac-address dynamic

Optional.

By default, sticky MAC addresses can be saved to the configuration file, and once saved, can survive a device reboot.