Alcatel-Lucent 6850-48 Network Guide

Configuring Learned Port Security
OmniSwitch AOS Release 6 Network Configuration Guide
September 2009
Use the no form of this command to remove LPS and clear all entries (configured and dynamic) in the 
LPS table for the specified port. For example:
-> no port-security 5/10
After LPS is removed, all the dynamic and static MAC addresses will be flushed and the learning of new 
MAC addresses will be enabled.
Configuring a Source Learning Time Limit
By default, the source learning time limit is disabled. Use the port-security shutdown command to set the 
number of minutes the source learning window is to remain open for LPS ports. While this window is 
open, source MAC addresses that comply with LPS port restrictions are authorized for learning on the 
related LPS port. The following actions trigger the start of the source learning timer:
• The port-security shutdown command. Each time this command is issued, the timer restarts even if a 
current window is still open or a previous window has expired.
• Switch reboot with a port-security shutdown command entry saved in the boot.cfg file.
The LPS source learning time limit is a switch-wide parameter that applies to all LPS enabled ports, not 
just one or a group of LPS ports. The following command example sets the time limit value to 30 minutes:
-> port-security shutdown time 30
Once the time limit value expires, source learning of any new dynamic MAC addresses is stopped on all 
LPS ports even if the number of addresses learned does not exceed the maximum allowed.
Note. The LPS source learning time window has higher priority than the maximum number of MAC 
addresses allowed. Therefore, if the learning interval expires before the port has learned the maximum 
MAC addresses allowed, the port will not learn any more MAC addresses.
When the source learning time window expires, all the dynamic MAC addresses learned on the LPS ports 
start to age out. To prevent this, all dynamic MAC addresses must be converted to static MAC addresses. 
The convert-to-static parameter used with the port-security shutdown command enables or disables the 
conversion of dynamic MAC addresses to static MAC addresses on LPS ports when the source learning 
time window expires.
To enable the conversion of dynamic MAC addresses to static MAC addresses on LPS ports when the 
source learning time window expires, use the port-security shutdown command with the 
convert-to-static parameter, as shown:
-> port-security shutdown 30 convert-to-static enable
To disable the conversion of dynamic MAC addresses to static MAC addresses when the source learning 
time window expires, use the port-security shutdown command with the convert-to-static parameter, as 
shown:
-> port-security shutdown 30 convert-to-static disable
To convert the dynamically learned MAC addresses to static addresses on a specific LPS port at any time 
irrespective of the source learning time window, use the port-security convert-to-static command. For 
example, to convert the dynamic MAC addresses on port 8 of slot 4 to static ones, enter:
-> port-security 4/8 convert-to-static
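
The source learning window behaviour described above, as an added Python model that is not part of the original guide or of AOS. The class LpsPort, its method names, the MAC addresses and the aging_minutes value are assumptions made for illustration; it treats learned hosts as idle once the window closes so that aging is visible.

```python
# Simplified model of one LPS port under the switch-wide learning window.
# All names and the aging time are hypothetical, not AOS internals.
class LpsPort:
    def __init__(self, max_macs, window_minutes, convert_to_static,
                 aging_minutes=5):
        self.max_macs = max_macs
        self.window_minutes = window_minutes        # port-security shutdown <minutes>
        self.convert_to_static = convert_to_static  # convert-to-static enable/disable
        self.aging_minutes = aging_minutes          # assumed MAC aging time
        self.static, self.dynamic = set(), set()
        self.expired = False

    def advance(self, now):
        """Apply window expiry and aging; `now` is minutes since the timer started."""
        if not self.expired and now >= self.window_minutes:
            self.expired = True
            if self.convert_to_static:
                # Dynamic entries become static and no longer age out.
                self.static |= self.dynamic
                self.dynamic.clear()
        if self.expired and now >= self.window_minutes + self.aging_minutes:
            # Unconverted dynamic entries have aged out and cannot be relearned.
            self.dynamic.clear()

    def learn(self, mac, now):
        """Return True if `mac` is authorized on the port at time `now`."""
        self.advance(now)
        if mac in self.static or mac in self.dynamic:
            return True
        if self.expired:
            return False  # closed window takes priority over the MAC maximum
        if len(self.static) + len(self.dynamic) >= self.max_macs:
            return False
        self.dynamic.add(mac)
        return True

    def authorized(self, now):
        self.advance(now)
        return self.static | self.dynamic

def run(convert):
    # Constructed sample: 30-minute window, maximum of 4 MACs on the port.
    port = LpsPort(max_macs=4, window_minutes=30, convert_to_static=convert)
    first = port.learn("00:00:5e:00:53:01", now=5)    # inside the window
    late = port.learn("00:00:5e:00:53:02", now=31)    # window closed, 1 of 4 used
    return first, late, sorted(port.authorized(now=60))

if __name__ == "__main__":
    print("convert-to-static enable :", run(True))
    print("convert-to-static disable:", run(False))
```

With conversion disabled the port ends with no authorized addresses, which is the lockout that convert-to-static enable prevents.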