6B90.F4FE
Switch(config-if)# switchport port-security mac-address sticky
Switch(config-if)# end
Example 4-4 shows how to configure a maximum of 10 secure MAC addresses on VLAN 5 on port interface
FastEthernet 0/2. The [vlan] option in this command sets a maximum value per VLAN for the specified VLAN or
range of VLANs.
Example 4-4. Port Security Configuration Example 2
Switch(config)# interface Fastethernet0/2
Switch(config-if)# switchport mode access
Switch(config-if)# switchport port-security maximum 10 vlan 5
Switch(config-if)# end
In addition to the configuration shown in Example 4-4, a port-security aging mechanism can be configured. By
default the secure MAC addresses will not be aged out, and in normal port security configuration, the entries will
remain in the MAC table until the switch is powered off. When using the sticky option, these MAC addresses will
be stored until cleared manually.
There are two types of aging mechanisms:
Absolute: The secure addresses on the port age out after a fixed specified time, and all references are
flushed from the secure address list.
Inactivity: Also known as idle time, the secure addresses on the port age out if they are idle, and no
traffic from the secure source addresses passes for the specified time period.
Pages:
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180