beautypg.com

Setting the port security age timer – Brocade FastIron Ethernet Switch Security Configuration Guide User Manual

Page 220

background image

For example, to configure interface 7/11 to have a maximum of 10 secure MAC addresses, enter the
following commands.

device(config)#interface ethernet 7/11

device(config-if-e1000-7/11)#port security

device(config-port-security-e1000-7/11)#maximum 10

Syntax: maximum number-of-addresses

The number-of-addresses parameter can be set to a number from 0 through 64 plus (the total
number of global resources available). The total number of global resources is 2048 or 4096,
depending on flash memory size. Setting the parameter to 0 prevents any addresses from being
learned. The default is 1.

Setting the port security age timer

By default, learned MAC addresses stay secure indefinitely. You can optionally configure the device to
age out secure MAC addresses after a specified amount of time.

To set the port security age timer to 10 minutes on all interfaces, enter the following commands.

device

(config)#port security

device

(config-port-security)#age 10

To age out secure MAC-addresses immediately after one minute, enter the following commands:

device

(config)#

port security

device

(config-port-security)#

age

1

absolute

To set the port security age timer to 10 minutes on a specific interface, enter the following commands.

device(config)#interface ethernet 7/11

device(config-if-e1000-7/11)#port security

device(config-port-security-e1000-7/11)#age 10

Syntax: [no] age minutes [ minutes | absolute ]

The minutes variable specifies a range from 0 through 1440 minutes. The default is 0 (never age out
secure MAC addresses).

The optional absolute keyword sets all secure MAC addresses to age out immediately once the
specified time expires. If the absolute keyword is not specified, secure MAC addresses are aged out
only when the configured hardware MAC age time expires.

NOTE
Even though you can set age time to specific ports independent of the device-level setting, the actual
age timer will take the greater of the two values. Thus, if you set the age timer to 3 minutes for the
port, and 10 minutes for the device, the port MAC aging happens in 10 minutes (the device-level
setting), which is greater than the port setting that you have configured.

Setting the port security age timer

220

FastIron Ethernet Switch Security Configuration Guide

53-1003088-03

See also other documents in the category Brocade Computer Accessories: