

In this article, I will be discussing Switch Port Security.

Port security is a method of securing an interface by only allowing traffic from a specific set or number of MAC addresses. If traffic from an invalid MAC is detected, it will be blocked or dropped. This is a low-level form of security that can be used to prevent unwanted devices from being connected to the network.

Port security works by learning a specific number of MAC addresses based on what the engineer defines. When port security is enabled on an interface, only one MAC address can be learned. You can configure a maximum number of MAC addresses for the interface and even per VLAN assigned to said interface.

There are three key ways a switch can be configured to learn and "secure" MAC addresses:

Static - as the name suggests, this is a MAC address that is statically configured on the interface. A static entry is only removed when an engineer removes the MAC address or if the interface is configured as a layer 3 interface. MAC addresses can also be statically configured on interfaces that have dynamic or sticky learning enabled.

Dynamic - with this method, the switch learns the device's MAC address once the device begins sending traffic. Dynamically learned MAC addresses do not remain in the configuration if the switch reboots or if the MAC address reaches the aging limit. The switch automatically drops a MAC address that has reached the configured age limit. This value can be set between 0-1440 minutes. A value of 0 will disable aging altogether. Also, there are two configurable options to determine a MAC address's age.

Inactivity - the length of time since a packet has been received from the device.

Time since the switch learned the MAC address.

Sticky - the switch learns MAC addresses in the same manner as dynamic learning; however, the MAC addresses are stored in NVRAM, allowing the configuration to remain after a reboot. It's important to point out that MAC addresses don't appear in the running configuration. Also, when sticky learning is enabled, dynamic learning is automatically disabled as they function similarly.

As mentioned above, you can configure MAC address maximums based on interface or VLAN.

Interface maximum - You can configure a maximum number of MAC addresses per interface.
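The learning, maximum and aging rules described in this article, modelled as an added Python example (not code from the article or from any switch vendor). The class, field and mode names are hypothetical, the traffic is constructed, and only dynamic entries are aged because that is the only case the article states.

```python
from dataclasses import dataclass, field

@dataclass
class Entry:
    kind: str        # "static", "sticky" or "dynamic"
    learned: int     # minute the address was secured
    last_seen: int   # minute of the most recent frame from it

@dataclass
class SecurePort:
    maximum: int = 1              # one address unless a maximum is configured
    sticky: bool = False          # sticky learning takes the place of dynamic
    aging_minutes: int = 0        # 0-1440; 0 disables aging
    aging_type: str = "learned"   # "learned" or "inactivity" (names assumed)
    table: dict = field(default_factory=dict)

    def add_static(self, mac, now=0):
        if mac not in self.table and len(self.table) >= self.maximum:
            raise ValueError("interface maximum reached")
        self.table[mac] = Entry("static", now, now)

    def expire(self, now):
        # Assumption: only dynamic entries age, the one case the article states.
        if self.aging_minutes == 0:
            return
        for mac, e in list(self.table.items()):
            start = e.last_seen if self.aging_type == "inactivity" else e.learned
            if e.kind == "dynamic" and now - start >= self.aging_minutes:
                del self.table[mac]

    def frame(self, mac, now):  # True = forwarded, False = dropped
        self.expire(now)
        if mac in self.table:
            self.table[mac].last_seen = now
            return True
        if len(self.table) >= self.maximum:
            return False          # unknown MAC on a full port: dropped
        self.table[mac] = Entry("sticky" if self.sticky else "dynamic", now, now)
        return True

    def reboot(self):
        # Static and sticky entries survive a reboot; dynamic ones do not.
        self.table = {m: e for m, e in self.table.items() if e.kind != "dynamic"}

def demo(aging_type):
    # Constructed traffic: (minute, source MAC), two addresses allowed.
    port = SecurePort(maximum=2, aging_minutes=10, aging_type=aging_type)
    frames = [(0, "aa"), (1, "bb"), (2, "cc"), (9, "aa"), (12, "cc"), (13, "bb")]
    return [port.frame(mac, t) for t, mac in frames]
```

With the same traffic, the two aging options diverge on the last frame: under inactivity aging the address refreshed at minute 9 still holds its slot, so the returning device is dropped, while aging by time since learning has freed that slot.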
