The port-security mac-address command configures a static secure MAC address.
The undo port-security mac-address command deletes a static secure MAC address.
By default, a static secure MAC address is not configured.
port-security mac-address mac-address vlan vlan-id
undo port-security mac-address mac-address vlan vlan-id
Parameter |
Description |
Value |
|---|---|---|
mac-address |
Specifies a static secure MAC address. |
The value is in H-H-H format. An H contains 1 to 4 hexadecimal digits. The MAC address cannot be The MAC address cannot be FFFF-FFFF-FFFF, 0000-0000-0000, or a multicast MAC address. |
vlan vlan-id |
Specifies the ID of a VLAN. |
The value is an integer that ranges from 1 to 4094. |
Ethernet interface view, GE interface view, XGE interface view, 25GE interface view, MultiGE interface view, 40GE interface view, 100GE interface view, Eth-Trunk interface view
Usage Scenario
After the port-security enable command is used to configure port security, the learned MAC address becomes a dynamic secure MAC address.
When the interface becomes Down or the device is reset, static secure MAC addresses are not affected, and dynamic secure MAC addresses need to be learned again. Static secure MAC addresses are not aged out. Static secure MAC addresses have higher priority than dynamic secure MAC addresses.
Prerequisites
Port security has been enabled by using the port-security enable command on the interface.
Precautions
Yu can run the port-security mac-address mac-address vlan vlan-id command multiple times to configure multiple static secure MAC addresses.
The static secure MAC cannot be the virtual MAC address of the Virtual Router Redundancy Protocol (VRRP).