OcNOS-RON-6.3.1 : Layer 2 Guide : Layer 2 Configuration Guide : Port Security Configuration : Static Mode
Static Mode
Use the commands below to set the port-security method to static and to configure static secure MAC addresses.
 
(config)#interface ge1
Enter interface mode.
(config-if)#switchport port-security static
Set the port-security method as static.
(config-if)#switchport port-security max 3
Limit static secure MAC addresses to 3.
(config-if)#switchport port-security mac-address 0000.0000.aaaa vlanId 100
Add static secure MAC address for VLAN 100 in interface mode.
(config-if)#switchport port-security mac-address 0000.0000.aaab vlanId 100
Add static secure MAC address for VLAN 100 in interface mode.
(config-if)#switchport port-security mac-address 0000.0000.aaac vlanId 100
Add static secure MAC address for VLAN 100 in interface mode.
Verify with show running-config that the 3 static secure MAC addresses are added to interface ge1, and verify with the show commands below that the port-security method is static.
Validation
SW1#show running-config interface ge1
interface ge1
switchport
bridge-group 1
switchport mode hybrid
switchport hybrid allowed vlan all
switchport port-security static
switchport port-security maximum 3
switchport port-security mac-address 0000.0000.aaaa vlanId 100
switchport port-security mac-address 0000.0000.aaab vlanId 100
switchport port-security mac-address 0000.0000.aaac vlanId 100
 
SW1#show port-security
Port    port-security mode  MAC limit CVLAN  SVLAN  static secure MAC
-------+-------------------+---------+------+------+-----------------
ge1     static              3         100           0000.0000.aaaa
                                      100           0000.0000.aaab
                                      100           0000.0000.aaac
 
SW1#show port-security interface ge1
Port Security Mode : Static
Secure MAC limit : 3
Static Secure MAC list :
CVLAN  SVLAN  MAC Address
------+------+----------------
100           0000.0000.aaaa
100           0000.0000.aaab
100           0000.0000.aaac
 
SW1#show mac address-table count bridge 1
MAC Entries for all vlans:
Dynamic Address Count: 0
Static (User-defined) Unicast MAC Address Count: 3
Static (User-defined) Multicast MAC Address Count: 0
Total MAC Addresses in Use: 3
 
SW1#show bridge
Ageout time is global and if something is configured for vxlan then it will be affected here also
Bridge    CVLAN  SVLAN  BVLAN  Port        MAC Address       FWD   Time-out
---------+------+------+------+-----------+-----------------+-----+---------+
1         100                  ge1         0000.0000.aaaa    1     -
1         100                  ge1         0000.0000.aaab    1     -
1         100                  ge1         0000.0000.aaac    1     -
 
SW1#show mac address-table bridge 1
VLAN   MAC Address     Type      Ports     Port-security
------+---------------+---------+---------+--------------
100    0000.0000.aaaa  static    ge1       Enable
100    0000.0000.aaab  static    ge1       Enable
100    0000.0000.aaac  static    ge1       Enable
SW1#
Configure one more static secure MAC address on interface ge1 and verify that the “port security mac limit reached” operator log message is displayed.
Start sending Layer 2 traffic from IXIA1 with an incremental source MAC of 100 and VLAN 100, and verify, using all the validation commands above, that no dynamic secure MAC addresses are learned.
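The validation above can be repeated off-box against saved command output. The following Python is an added example, not part of the OcNOS guide: it compares the secure MAC list in show running-config interface ge1 with the rows of show mac address-table bridge 1 and reports any entry on the port that is not a configured static secure MAC. The function names are hypothetical, and the sample text is constructed from the output shown on this page.

```python
import re

MAC = r"[0-9a-fA-F]{4}(?:\.[0-9a-fA-F]{4}){2}"
# Constructed sample input: show output from this page, abbreviated.
RUNNING_CONFIG = """\
interface ge1
 switchport port-security static
 switchport port-security maximum 3
 switchport port-security mac-address 0000.0000.aaaa vlanId 100
 switchport port-security mac-address 0000.0000.aaab vlanId 100
 switchport port-security mac-address 0000.0000.aaac vlanId 100
"""
MAC_TABLE = """\
VLAN MAC Address Type Ports Port-security
100 0000.0000.aaaa static ge1 Enable
100 0000.0000.aaab static ge1 Enable
100 0000.0000.aaac static ge1 Enable
"""

def parse_config(text):
    """Return (mode, limit, {(vlan, mac)}) from 'show running-config interface'."""
    mode = re.search(r"port-security (\w+)[ \t]*$", text, re.M)
    limit = re.search(r"port-security maximum (\d+)", text)
    macs = re.findall(rf"port-security mac-address ({MAC}) vlanId (\d+)", text)
    return (mode and mode.group(1), limit and int(limit.group(1)),
            {(int(v), m.lower()) for m, v in macs})

def parse_mac_table(text, port):
    """Return [(vlan, mac, type)] rows of 'show mac address-table' for one port."""
    rows = re.findall(rf"^\s*(\d+)\s+({MAC})\s+(\w+)\s+(\S+)", text, re.M)
    return [(int(v), m.lower(), t) for v, m, t, p in rows if p == port]

def audit(config, table, port):
    """List deviations between the forwarding table and the secure MAC list."""
    mode, limit, secure = parse_config(config)
    rows = parse_mac_table(table, port)
    findings = []
    if mode != "static":
        findings.append(f"port-security mode is {mode}, expected static")
    if limit is not None and len(secure) > limit:
        findings.append(f"{len(secure)} secure MACs exceed the limit of {limit}")
    for vlan, mac, kind in rows:
        if kind != "static":
            findings.append(f"{kind} entry {mac} vlan {vlan} learned on {port}")
        elif (vlan, mac) not in secure:
            findings.append(f"{mac} vlan {vlan} is static but not a secure MAC")
    for vlan, mac in sorted(secure - {(v, m) for v, m, _ in rows}):
        findings.append(f"secure MAC {mac} vlan {vlan} missing from the table")
    return findings
```

An empty list from audit(RUNNING_CONFIG, MAC_TABLE, "ge1") corresponds to the expected state after the traffic test: three static entries on ge1 and nothing learned dynamically.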
Last modified date: 07-13-2023