H3C Technologies H3C S3100 Series Switches User Manual

1-11

To do...

Use the command...

Remarks

interface interface-type interface-number

In Ethernet
port view

mac-address security mac-address vlan
vlan-id

security MAC
address is
configured.

Configuring an aging time for learned security MAC address entries

By default, learned security MAC address entries will never be aged; they are deleted only when the

port security feature is disabled or the security mode is not autolearn any more.

You can configure an aging time for security MAC address entries. When the timer of an entry expires,

the entry is removed from the security MAC address table.

Follow these steps to configure an aging time for learned security MAC address entries:

To do...

Use the command...

Remarks

Enter system view

system-view

—

Enable port security

port-security enable

—

Configure the aging time for
learned security MAC address
entries

port-security timer autolearn
age

Required

Aging of MAC address entries
is disabled by default.

Enter Ethernet port view

interface

interface-type

interface-number

—

Set the maximum number of
MAC addresses allowed on the
port

port-security max-mac-count
count-value

Required

By default, there is no limit on
the number of MAC
addresses.

Set the security mode of the port
to autolearn

port-security port-mode
autolearn

Required

By default, a port operates in
noRestriction mode, and
access to the port is not
restricted.

After you execute the port-security timer autolearn command, you can display security MAC address

entries by the display mac-address security command. Though the aging time field displayed has a

value of "NOAGED", the aging of security MAC address entries is enabled already.

Displaying and Maintaining Port Security Configuration

To do...

Use the command...

Remarks

Display information about port
security configuration

display port-security [ interface interface-list ]

Available in
any view