Table of Contents
Advertisement
Configuring Learned Port Security
When LPS is disabled on a port, the MAC address entries for that port are retained in the LPS table. The
next time LPS is enabled on the port, the same LPS table entries become active again. If there is a switch
reboot before the switch configuration is saved, however, dynamic MAC address entries are discarded
from the table.
Use the no form of this command to remove LPS and clear all entries (configured and dynamic) in the
LPS table for the specified port. For example:
-> no port-security port 5/10
After LPS is removed, all the dynamic and static MAC addresses are flushed and the learning of new
MAC addresses is enabled.
Configuring a Source Learning Time Limit
By default, the source learning time limit is disabled. Use the
to set the number of minutes the source learning window is to remain open for LPS ports. While this
window is open, source MAC addresses that comply with LPS port restrictions are authorized for
source learning on the related LPS port. The following actions trigger the start of the source learning
timer:
•
The port-security learning-window command. Each time this command is issued, the timer restarts
even if a current window is still open.
•
Switch reboot with a port-security learning-window command entry saved in the boot.cfg file.
The LPS source learning time limit is a switch-wide parameter that applies to all LPS enabled ports, not
just one or a group of LPS ports. The following command example sets the time limit value to 30 minutes:
-> port-security learning-window 30
Once the time limit value expires, source learning of any new dynamic MAC addresses is stopped on all
LPS ports even if the number of addresses learned does not exceed the maximum allowed.
Note. The LPS source learning time window has a higher priority over the maximum number of MAC
addresses allowed. Therefore, if the learning interval expires before the port has learned the maximum
MAC addresses allowed, the port does not learn anymore MAC addresses.
When the source learning time window expires, all the dynamic MAC addresses learned on the LPS ports
start to age out. To prevent this, all dynamic MAC addresses must be converted to static MAC addresses.
The convert-to-static parameter used with the
disables the conversion of dynamic MAC addresses to static MAC addresses on LPS ports when the
source learning time window expires.
To enable the conversion of dynamic MAC addresses to static MAC addresses on LPS ports when the
source learning time window expires, use the
convert-to-static parameter, as shown:
-> port-security learning-window 30 convert-to-static enable
To disable the conversion of dynamic MAC addresses to static MAC addresses when the source learning
time window expires, use the
parameter, as shown:
-> port-security learning-window 30 convert-to-static disable
page 25-10
port-security learning-window
port-security learning-window
port-security learning-window
OmniSwitch AOS Release 7 Network Configuration Guide
Configuring Learned Port Security
port-security learning-window
command enables or
command with the
command with the convert-to-static
command
March 2011
Advertisement
Table of Contents
