
port-security aging-time

Function

The port-security aging-time command sets the aging time of secure dynamic MAC addresses on an interface.

The undo port-security aging-time command restores the default configuration.

By default, secure dynamic MAC addresses will not be aged out.

Format

port-security aging-time time [ type { absolute | inactivity } ]

undo port-security aging-time

Parameters

| Parameter | Description | Value |
|---|---|---|
| time | Specifies the aging time of secure dynamic MAC addresses. | The value is an integer that ranges from 1 to 1440, in minutes. |
| type | Specifies the type of the aging time. | The default type is absolute, indicating the absolute aging time. |
| absolute | Indicates the absolute aging time. After the aging time of secure dynamic MAC addresses is set, the system calculates the lifetime of each MAC address every minute. If the lifetime of a MAC address plus 1 is greater than or equal to time minutes, the secure dynamic MAC address is aged immediately. If the lifetime is smaller than time minutes, the system determines whether to delete the secure dynamic MAC address after 1 minute. | - |
| inactivity | Indicates the relative aging time. After the relative aging time is set to time minutes, the system checks traffic from each secure dynamic MAC address every 1 minute. If no traffic is received from a secure dynamic MAC address, this MAC address is aged out after time minutes. | - |

Views

Ethernet interface view, GE interface view, XGE interface view, 25GE interface view, MultiGE interface view, 40GE interface view, 100GE interface view, Eth-Trunk interface view, port group view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

After you run the port-security enable command to enable port security on an interface, MAC address entries learned by the interface are saved in the MAC address table as secure dynamic MAC addresses. The learned secure dynamic MAC addresses will not be aged by default. When the number of learned MAC addresses reaches the limit, the interface cannot learn new MAC addresses.

If MAC addresses learned by an interface can be trusted only for a certain period, run the port-security aging-time command to set the aging time of secure dynamic MAC addresses on the interface. Then secure dynamic MAC addresses can be aged out and the interface can learn new MAC addresses.

Prerequisites

Port security is enabled on the interface.

Precautions

If the aging time of secure dynamic MAC addresses on an interface is shorter than the global aging time of dynamic MAC addresses, secure dynamic MAC addresses are aged out when the global aging time expires.

If you run the port-security aging-time command multiple times in the same interface view, only the latest configuration takes effect.

Example

# Set the aging time of secure dynamic MAC addresses on GE0/0/1 to 30 minutes.

<HUAWEI> system-view
[HUAWEI] interface gigabitethernet 0/0/1
[HUAWEI-GigabitEthernet0/0/1] port-security enable
[HUAWEI-GigabitEthernet0/0/1] port-security aging-time 30
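
The prerequisite, value range and precautions above can be checked against a planned command script before it is entered. The following Python check is an added example, not part of the original page or of Huawei's tooling; the function name audit, the constructed sample script and the global_aging_minutes parameter (the global aging time of dynamic MAC addresses, supplied by the caller in minutes) are assumptions.

```python
import re

# Constructed sample: commands in the order they would be entered (not from a real device).
SAMPLE = """\
interface gigabitethernet 0/0/1
 port-security enable
 port-security aging-time 30
interface gigabitethernet 0/0/2
 port-security enable
interface gigabitethernet 0/0/3
 port-security aging-time 10 type inactivity
interface gigabitethernet 0/0/4
 port-security enable
 port-security aging-time 60
 port-security aging-time 2 type inactivity
"""

AGING = re.compile(r"port-security aging-time (\d+)(?: type (absolute|inactivity))?$")

def audit(script, global_aging_minutes):
    """Return {interface: [findings]}; global_aging_minutes is caller-supplied (assumption)."""
    views, current = {}, None
    for line in (raw.strip() for raw in script.splitlines()):
        if line.startswith("interface "):
            current = views.setdefault(line.split(None, 1)[1], [])
        elif line in ("quit", "#"):
            current = None          # left the interface view
        elif current is not None:
            current.append(line)
    findings = {}
    for name, lines in views.items():
        issues = []
        enabled = "port-security enable" in lines
        aging = [m for m in map(AGING.match, lines) if m]
        if aging and not enabled:
            issues.append("aging-time without port-security enable (prerequisite)")
        if enabled and not aging:
            issues.append("no aging-time: secure dynamic MACs are never aged out")
        if aging:
            minutes = int(aging[-1].group(1))   # only the latest command takes effect
            if not 1 <= minutes <= 1440:
                issues.append(f"aging-time {minutes} outside 1-1440 minutes")
            elif minutes < global_aging_minutes:
                issues.append(f"aging-time {minutes} min is shorter than the global aging time")
        if issues:
            findings[name] = issues
    return findings
```

Calling audit(SAMPLE, 5) reports interfaces 0/0/2, 0/0/3 and 0/0/4 and leaves 0/0/1 out because it satisfies every rule.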
Copyright © Huawei Technologies Co., Ltd.