Configuring Learned Port Security Enabling/Disabling Learned Port Security
OmniSwitch 6600 Family Network Configuration Guide April 2006 page 3-7
Enabling/Disabling Learned Port Security
By default, LPS is disabled on all switch ports. To enable LPS on a port, use the port-security command.
For example, the following command enables LPS on port 1 of slot 4:
-> port-security 4/1 enable
To enable LPS on multiple ports, specify a range of ports or multiple slots. For example:
-> port-security 4/1-5 enable
-> port-security 5/12-20 6/10-15 enable
Note that when LPS is enabled on an active port, all MAC addresses learned on that port prior to the time
LPS was enabled are cleared from the source learning MAC address table.
To disable LPS on a port, use the port-security command with the disable parameter. For example, the
following command disables LPS on a range of ports:
-> port-security 5/21-24 6/1-4 disable
When LPS is disabled on a port, MAC address entries for that port are retained in the LPS table. The next
time LPS is enabled on the port, the same LPS table entries are again active. If there is a switch reboot
before the switch configuration is saved, however, dynamic MAC address entries are discarded from the
table.
Use the no form of this command to disable LPS and clear all entries (configured and dynamic) in the
LPS table for the specified port. For example:
-> no port-security 5/10
Configuring a Source Learning Time Limit
By default, the source learning time limit is disabled. Use the port-security shutdown command to set the
number of minutes the source learning window is to remain open for LPS ports. While this window is
open, source MAC addresses that comply with LPS port restrictions are authorized for learning on the
related LPS port. The following actions trigger the start of the source learning timer:
• The port-security shutdown command. Each time this command is issued, the timer restarts even if a
current window is still open or a previous window has expired.
• Switch reboot with a port-security shutdown command entry saved in the boot.cfg file.
The LPS source learning time limit is a switch-wide parameter that applies to all LPS-enabled ports, not
just to one port or a group of LPS ports. The following command example sets the time limit value to 30 minutes:
-> port-security shutdown time 30
Once the time limit value expires, source learning of any new dynamic MAC addresses is stopped on all
LPS ports even if the number of addresses learned does not exceed the maximum allowed.
Note. Source learning of configured authorized MAC addresses is still allowed after the LPS time limit
has expired; however, all learning is stopped if the number of MAC addresses learned meets or exceeds
the maximum number of addresses allowed, even if the LPS time limit has not expired.
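The commands in this section can be replayed offline to audit which ports end up with LPS enabled and whether a switch-wide learning time limit is set. The following Python sketch is an added example, not part of the original guide or of any Alcatel tooling; the function names, the state labels and the sample command list are assumptions constructed for illustration, and only the command forms shown on this page are parsed.

```python
import re

PORT_RE = re.compile(r"^(\d+)/(\d+)(?:-(\d+))?$")

def expand_ports(tokens):
    """Expand slot/port tokens such as '5/12-20' into (slot, port) tuples."""
    ports = []
    for tok in tokens:
        m = PORT_RE.match(tok)
        if not m:
            raise ValueError(f"bad slot/port token: {tok!r}")
        slot, first = int(m.group(1)), int(m.group(2))
        last = int(m.group(3)) if m.group(3) else first
        if last < first:
            raise ValueError(f"descending range: {tok!r}")
        ports.extend((slot, p) for p in range(first, last + 1))
    return ports

def audit_lps(lines):
    """Replay port-security commands in order; return (state, minutes)."""
    state, minutes = {}, None  # minutes None = time limit disabled (default)
    for raw in lines:
        words = raw.replace("->", "", 1).split()  # drop the CLI prompt
        negate = words[:1] == ["no"]
        if negate:
            words = words[1:]
        if words[:1] != ["port-security"]:
            continue  # not an LPS command
        args = words[1:]
        if args[:1] == ["shutdown"]:
            minutes = int(args[-1])  # switch-wide, covers every LPS port
        elif negate:
            for p in expand_ports(args):
                state[p] = "cleared"  # LPS off, LPS table entries removed
        elif args and args[-1] in ("enable", "disable"):
            new = "enabled" if args[-1] == "enable" else "disabled-retained"
            for p in expand_ports(args[:-1]):
                state[p] = new  # a later command overrides an earlier one
    return state, minutes

# Constructed sample input using the command forms shown on this page.
SAMPLE = [
    "-> port-security 4/1-5 enable",
    "-> port-security 5/12-20 6/10-15 enable",
    "-> port-security 4/4-5 disable",
    "-> no port-security 5/12",
    "-> port-security shutdown time 30",
]
```

A returned time limit of None means the default applies: the source learning window never closes on time, and only the maximum address count stops dynamic learning on the enabled ports.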