Configuring and Monitoring Port Security

Port Security

Syntax: port-security (Continued)

clear-intrusion-flag

Clears the intrusion flag for a specific port. (See “Reading Intrusion Alerts and Resetting Alert Flags” on page 11-30.)

no port-security <port-list> mac-address <mac-addr> [<mac-addr> <mac-addr>]

Removes the specified learned MAC address(es) from the specified port.

Retention of Static Addresses

Static MAC addresses do not age out. MAC addresses learned by using learn-mode continuous or learn-mode limited-continuous age out according to the currently configured MAC age time. (For information on the mac-age-time command, refer to the chapter titled “Interface Access and System Information” in the Management and Configuration Guide for your switch.)

Learned Addresses. In the following two cases, a port in Static learn mode retains a learned MAC address even if you later reboot the switch or disable port security for that port:

The port learns a MAC address after you configure the port for Static learn mode in both the startup-config file and the running-config file (by executing the write memory command).

The port learns a MAC address after you configure the port for Static learn mode in only the running-config file and, after the address is learned, you execute write memory to configure the startup-config file to match the running-config file.

To remove an address learned using either of the preceding methods, do one of the following:

Delete the address by using no port-security <port-number> mac-address <mac-addr>.

Download a configuration file that does not include the unwanted MAC address assignment.

Reset the switch to its factory-default configuration.
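The following Python script is an added example, not part of the original guide: it audits saved configuration text for MAC addresses retained on Static learn mode ports and builds the no port-security removal commands for any address missing from an approved inventory. The configuration line layout, the sample addresses, and the inventory are constructed assumptions, not output from a real switch.

```python
import re

# Constructed sample of saved configuration text. The line layout
# "port-security <port> learn-mode static ... mac-address <mac> [<mac> ...]"
# is an assumption for this example; adjust PORT_SEC to your switch's output.
SAMPLE_CONFIG = """\
hostname "lab-switch"
port-security 3 learn-mode static address-limit 2 mac-address 0060b0-889e00 0060b0-112233
port-security 7 learn-mode static mac-address 001083-aabbcc
port-security 9 learn-mode continuous
"""

PORT_SEC = re.compile(r"^port-security\s+(\S+)\s+learn-mode\s+static\b(.*)$")
MAC = re.compile(r"\b[0-9a-f]{6}-[0-9a-f]{6}\b", re.IGNORECASE)

def normalize(mac):
    """Reduce any common MAC notation to 12 lowercase hex digits."""
    digits = re.sub(r"[^0-9a-fA-F]", "", mac).lower()
    if len(digits) != 12:
        raise ValueError(f"not a MAC address: {mac!r}")
    return digits

def retained_addresses(config_text):
    """Map each Static learn mode port to the MAC addresses saved for it."""
    found = {}
    for line in config_text.splitlines():
        m = PORT_SEC.match(line.strip())
        if m:
            macs = [normalize(x) for x in MAC.findall(m.group(2))]
            found.setdefault(m.group(1), []).extend(macs)
    return found

def removal_commands(config_text, approved):
    """Build 'no port-security' commands for saved addresses not in the inventory."""
    cmds = []
    for port, macs in retained_addresses(config_text).items():
        allowed = {normalize(a) for a in approved.get(port, [])}
        stale = [m for m in macs if m not in allowed]
        if stale:
            shown = " ".join(f"{m[:6]}-{m[6:]}" for m in stale)
            cmds.append(f"no port-security {port} mac-address {shown}")
    return cmds

if __name__ == "__main__":
    # Hypothetical inventory: port -> approved device addresses.
    inventory = {"3": ["00:60:B0:88:9E:00"], "7": ["001083-aabbcc"]}
    for cmd in removal_commands(SAMPLE_CONFIG, inventory):
        print(cmd)
```

Because these addresses survive a reboot once saved, run the audit against the startup-config text and execute write memory after applying the generated commands.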

Assigned/Authorized Addresses. If you manually assign a MAC address (using port-security <port-number> address-list <mac-addr>) and then execute write memory, the assigned MAC address remains in memory until you do one of the following:
