Enhancements in Release F.02.02

Port Security: Changes to Retaining Learned Static Addresses Across a Reboot

Recommended Port Security Procedures

Before configuring port security, use the switch’s TFTP features to save a copy of the configuration. In the event that you later want to remove the switch’s port security configuration (including MAC addresses the switch has authorized) and reconfigure port security, your task will be easier.

If you want to manually configure the authorized MAC addresses for a port (instead of allowing the switch to learn whatever MAC addresses it detects first on the port), then prior to configuring the Static learn mode on a port, remove the LAN link from the port. This prevents the port from automatically learning MAC addresses that you do not want to include in the authorized list. After you use the port-security <port-list> mac-address <mac-addr> command to configure the authorized addresses you want in the list, reconnect the link.

After you configure the authorized MAC addresses you want on a port, execute the write memory command to make these addresses permanent in the switch’s configuration. (See the "Assigned/Authorized Address" bullet under "Retention of Static Addresses" in the next subsection.)
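
The procedure above as a CLI session. This is an added example, not part of the release notes. The prompt, port number, MAC addresses, TFTP server address and file name are constructed, and the copy, configure, learn-mode, address-limit and show forms are assumed from the general ProCurve CLI, so check them against the Management and Configuration Guide. Lines starting with ";" are annotations, not commands.

```text
; 1. Save the current configuration to a TFTP server before touching port security.
HP2512# copy startup-config tftp 192.0.2.10 hp2512-pre-portsec.cfg

; 2. Physically remove the LAN link from port 7 so the port cannot learn
;    an address on its own while it is being configured.

; 3. Put the port in Static learn mode. The address limit (assumed keyword)
;    is set to the number of addresses that will be entered by hand.
HP2512# configure
HP2512(config)# port-security 7 learn-mode static address-limit 2

; 4. Enter the authorized addresses (constructed sample values).
HP2512(config)# port-security 7 mac-address 0060b0-123456
HP2512(config)# port-security 7 mac-address 0060b0-abcdef

; 5. Confirm that the authorized list holds only the addresses entered in step 4.
HP2512(config)# show port-security 7

; 6. Reconnect the LAN link to port 7.

; 7. Make the authorized addresses permanent in the startup-config file.
HP2512(config)# write memory
```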

Retention of Static Addresses

Beginning with release F.02.02, port security operation has changed to the operation described below. These changes affect information provided in Table 7-1, "Port Security Parameters" on pages 7-14 and 7-15 in the Management and Configuration Guide (p/n 5969-2354) provided for the Series 2500 switches.

Learned Addresses: In the following two cases, a port in Static learn mode retains a learned MAC address even if you subsequently reboot the switch or disable port security for that port:

The port learns a MAC address after you configure the port for Static learn mode in both the startup-config and running-config files (by executing the write memory command).

The port learns a MAC address after you configure the port for Static learn mode in only the running-config file and, after the address is learned, you execute write memory to configure the startup-config file to match the running-config file.
