Data Model

The configuration model file matching port security management is huawei-mac.yang.

Table 1 Port security management

Object: /huawei-mac:static-flapping-protect/enable
Description: Enables static MAC address flapping detection.
Value: The value is of the Boolean type:
  • true: Static MAC address flapping detection is enabled.
  • false: Static MAC address flapping detection is disabled.
Remarks: Static MAC address flapping detection needs to be enabled only on the interfaces with port security enabled.

Object: /ietf-interfaces:interfaces/interface/huawei-mac:mac-security/port-security/enable
Description: Enables port security.
Value: The value is of the Boolean type:
  • true: Port security is enabled.
  • false: Port security is disabled.
Remarks: The following objects can be configured only when this object is set to true:
  • /ietf-interfaces:interfaces/interface/huawei-mac:mac-security/port-security/action
  • /ietf-interfaces:interfaces/interface/huawei-mac:mac-security/port-security/port-security-aging/aging-time
  • /ietf-interfaces:interfaces/interface/huawei-mac:mac-security/port-security/port-security-aging/aging-type

Object: /ietf-interfaces:interfaces/interface/huawei-mac:mac-security/port-security/maxinum
Description: Configures the maximum number of secure MAC addresses that can be learned on an interface.
Value: The value is an integer in the range from 1 to 1024.
Remarks: The total number of MAC addresses on interfaces enabled with port security cannot exceed 4096.

Object: /ietf-interfaces:interfaces/interface/huawei-mac:mac-security/port-security/action
Description: Configures the protection action to be taken when the number of learned MAC addresses on an interface enabled with port security exceeds the upper limit or static MAC address flapping is detected.
Value: The value is of the enumerated type:
  • protect: If the number of learned MAC addresses exceeds the upper limit, the interface discards packets with new source MAC addresses. If static MAC address flapping is detected, the interface discards the packets with this MAC address.
  • restrict: If the number of learned MAC addresses exceeds the upper limit, the interface discards packets with new source MAC addresses and sends a trap. If static MAC address flapping is detected, the interface discards the packets with this MAC address and sends a trap.
  • shutdown: If the number of learned MAC addresses exceeds the upper limit or static MAC address flapping is detected, the interface sets the interface status to error down and sends a trap.
Remarks: N/A

Object: /ietf-interfaces:interfaces/interface/huawei-mac:mac-security/port-security/port-security-aging/aging-time
Description: Configures the aging time of secure dynamic MAC addresses on an interface.
Value: The value is an integer in the range from 1 to 1440, in minutes.
Remarks: N/A

Object: /ietf-interfaces:interfaces/interface/huawei-mac:mac-security/port-security/port-security-aging/aging-type
Description: Configures the type of the aging time of secure dynamic MAC addresses on an interface.
Value: The value is of the enumerated type:
  • absolute: Indicates the absolute aging time. After the absolute aging time of secure dynamic MAC addresses is set, the system calculates the lifetime of each MAC address every minute. If the lifetime plus 1 minute is longer than or equal to the aging time, the secure dynamic MAC address is aged immediately. If the lifetime plus 1 minute is shorter than the aging time, the system determines whether to delete the secure dynamic MAC address after 1 minute.
  • inactivity: Indicates the relative aging time. After the relative aging time of secure dynamic MAC addresses is set, the system checks traffic from each secure dynamic MAC address every 1 minute. If no traffic is received from a secure dynamic MAC address, this MAC address is aged after the aging time expires.
Remarks: N/A

Object: /ietf-interfaces:interfaces/interface/huawei-mac:mac-security/port-security/sticky
Description: Enables the sticky MAC function on an interface.
Value: Boolean type. Options:
  • true: enables the function.
  • false: disables the function.
Remarks: Before setting this object to true, you must set /ietf-interfaces:interfaces/interface/huawei-mac:mac-security/port-security/enable to true. Before setting /ietf-interfaces:interfaces/interface/huawei-mac:mac-security/port-security/enable to false, you must set this object to false.
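
The value ranges and dependencies in Table 1 can be checked before a configuration is pushed to a device. The following pre-deployment lint is an added example, not Huawei code; it assumes the Table 1 paths are carried as an RFC 7951 JSON body, and the interface names and the function name lint_port_security are placeholders chosen here.

```python
# Added example: lint an RFC 7951-style JSON body (encoding assumed) against Table 1.
ACTIONS = {"protect", "restrict", "shutdown"}
AGING_TYPES = {"absolute", "inactivity"}

def _in_range(value, low, high):
    return isinstance(value, int) and not isinstance(value, bool) and low <= value <= high

def lint_port_security(body):
    """Return (interface, message) findings; an empty list means the body passes."""
    findings, total = [], 0
    for ifc in body.get("ietf-interfaces:interfaces", {}).get("interface", []):
        name = ifc.get("name", "<unnamed>")
        ps = ifc.get("huawei-mac:mac-security", {}).get("port-security", {})
        aging = ps.get("port-security-aging", {})
        if ps.get("enable") is not True:
            # action, aging-time, aging-type and sticky=true all require enable=true
            deps = {"action": "action" in ps, "sticky": ps.get("sticky") is True,
                    "aging-time": "aging-time" in aging, "aging-type": "aging-type" in aging}
            findings += [(name, f"{k} requires port-security/enable=true") for k, hit in deps.items() if hit]
            continue
        if "maxinum" in ps and not _in_range(ps["maxinum"], 1, 1024):
            findings.append((name, "maxinum must be an integer from 1 to 1024"))
        elif "maxinum" in ps:
            total += ps["maxinum"]
        if "action" in ps and ps["action"] not in ACTIONS:
            findings.append((name, "action must be protect, restrict or shutdown"))
        elif ps.get("action") == "protect":
            findings.append((name, "advisory: protect sends no trap; restrict or shutdown do"))
        if "aging-time" in aging and not _in_range(aging["aging-time"], 1, 1440):
            findings.append((name, "aging-time must be an integer from 1 to 1440 (minutes)"))
        if "aging-type" in aging and aging["aging-type"] not in AGING_TYPES:
            findings.append((name, "aging-type must be absolute or inactivity"))
    # Assumption: the 4096 cap is checked as the sum of explicitly configured limits
    if total > 4096:
        findings.append(("*", f"configured secure MAC limits total {total}, above 4096"))
    return findings

SAMPLE = {"ietf-interfaces:interfaces": {"interface": [  # constructed; names are placeholders
    {"name": "if-a", "huawei-mac:mac-security": {"port-security": {
        "enable": True, "maxinum": 2, "action": "restrict", "sticky": True}}},
    {"name": "if-b", "huawei-mac:mac-security": {"port-security": {
        "enable": False, "action": "shutdown", "sticky": True}}},
    {"name": "if-c", "huawei-mac:mac-security": {"port-security": {
        "enable": True, "maxinum": 2048, "action": "protect",
        "port-security-aging": {"aging-time": 0, "aging-type": "relative"}}}},
]}}

if __name__ == "__main__":
    print("\n".join(f"{n}: {m}" for n, m in lint_port_security(SAMPLE)))
```

The protect finding is advisory only: the value is valid, but per Table 1 it is the one action that discards packets without sending a trap.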

Copyright © Huawei Technologies Co., Ltd.