Secured MAC Addresses Learned Statically

OcNOS-RON-6.3.1 : Layer 2 Guide : Layer 2 Configuration Guide : Port Security Configuration : Secured MAC Addresses Learned Statically

1. Stop the traffic from IXIA1 and do “clear mac address-table dynamic bridge 1” on SW1.

2. Verify all dynamic secured MAC addresses are cleared.

3. Configure 3 static secure MAC addresses using the commands below in port security configured interface.

4. Try to add a fourth static secure MAC address.

5. Verify operator log message is displayed, saying “port security mac limit reached.”

(config)#interface ge1	Enter interface mode
(config-if)#switchport port-security mac-address 0000.0000.aaaa vlanId 100	Add static secure MAC address for VLAN 100 in interface mode
(config-if)#switchport port-security mac-address 0000.0000.aaab vlanId 100	Add static secure MAC address for VLAN 100 in interface mode
(config-if)#switchport port-security mac-address 0000.0000.aaac vlanId 100	Add static secure MAC address for VLAN 100 in interface mode

Validation

SW1#show port-security

Port port-security mode MAC limit CVLAN SVLAN static secure MAC

-------+-------------------+---------+------+------+-----------------

ge1 dynamic 3 100 0000.0000.aaaa

100 0000.0000.aaab

100 0000.0000.aaac

SW1#show port-security interface ge1

Port Security Mode : Dynamic

Secure MAC limit : 3

Static Secure MAC list :

CVLAN SVLAN MAC Address

------+------+----------------

100 0000.0000.aaaa

100 0000.0000.aaab

100 0000.0000.aaac

SW1#show mac address-table count bridge 1

MAC Entries for all vlans:

Dynamic Address Count: 0

Static (User-defined) Unicast MAC Address Count: 3

Static (User-defined) Multicast MAC Address Count: 0

Total MAC Addresses in Use: 3

SW1#show bridge

Ageout time is global and if something is configured for vxlan then it will be affected here also

Bridge CVLAN SVLAN BVLAN Port MAC Address FWD Time-out

---------+------+------+------+-----------+-----------------+-----+---------+

1 100 ge1 0000.0000.aaaa 1 -

1 100 ge1 0000.0000.aaab 1 -

1 100 ge1 0000.0000.aaac 1 -

SW1#show mac address-table bridge 1

VLAN MAC Address Type Ports Port-security

------+---------------+---------+---------+--------------

100 0000.0000.aaaa static ge1 Enable

100 0000.0000.aaab static ge1 Enable

100 0000.0000.aaac static ge1 Enable

SW1#

Remove the port-security configuration method using the two commands below:

(

config)#interface ge1	Enter interface mode
(config-if)#no switchport port-security	Set the port-security method to static.

Last modified date: 07-13-2023