Enhancements in Release F.02.02
Port Security: Changes to Retaining Learned Static Addresses Across a Reboot
Recommended Port Security Procedures
■ Before configuring port security, use the switch’s TFTP features to save a copy of the
configuration. In the event that you later want to remove the switch’s port security
configuration (including MAC addresses the switch has authorized) and reconfigure port security,
your task will be easier.
■ If you want to manually configure the authorized MAC addresses for a port (instead of
allowing the switch to learn whatever MAC addresses it detects first on the port), then prior
to configuring the Static learn mode on a port, remove the LAN link from the port. This
prevents the port from automatically learning MAC addresses that you do not want to include
in the authorized list. After you use the port-security <port-list> mac-address <mac-addr>
command to configure the authorized addresses you want in the list, reconnect the link.
■ After you configure the authorized MAC addresses you want on a port, execute the write
memory command to make these addresses permanent in the switch’s configuration. (See
the "Assigned/Authorized Address" bullet under "Retention of Static Addresses" in the next
subsection.)
Retention of Static Addresses
Beginning with release F.02.02, port security operation has changed to the operation described below.
These changes affect information provided in Table 7-1, "Port Security Parameters" on pages 7-14 and
7-15 in the Management and Configuration Guide (p/n 5969-2354) provided for the Series 2500
switches.
■ Learned Addresses: In the following two cases, a port in Static learn mode retains a learned
MAC address even if you subsequently reboot the switch or disable port security for that port:
• The port learns a MAC address after you configure the port for Static learn mode in both
the startup-config file and the running-config files (by executing the write memory
command).
• The port learns a MAC address after you configure the port for Static learn mode in only
the running-config file and, after the address is learned, you execute write memory to
configure the startup-config file to match the running-config file.
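The write memory step in the recommended procedures and the retention cases above both depend on whether the startup-config holds the same Static-mode addresses as the running-config. The following added example (not from the release notes or the switch software) compares saved copies of the two files and lists addresses not yet made permanent; the config-line layout, the numeric port lists and the sample MAC addresses are assumptions modelled on the command syntax quoted above.

```python
import re

# Assumed config-line shape, modelled on the command quoted in the text:
#   port-security <port-list> [learn-mode <mode>] ... mac-address <mac-addr> ...
LINE = re.compile(r"^\s*port-security\s+(\S+)\s*(.*)$")
MAC = re.compile(r"\b[0-9a-f]{6}-[0-9a-f]{6}\b", re.I)

def expand_ports(port_list):
    """Expand a numeric port list such as '1,3-5' into [1, 3, 4, 5]."""
    ports = []
    for part in port_list.split(","):
        lo, _, hi = part.partition("-")
        ports.extend(range(int(lo), int(hi or lo) + 1))
    return ports

def static_macs(config_text):
    """Map port -> set of authorized MACs for ports in Static learn mode."""
    mode, macs = {}, {}
    for line in config_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue
        learn = re.search(r"learn-mode\s+(\S+)", m.group(2))
        found = {x.lower() for x in MAC.findall(m.group(2))}
        for port in expand_ports(m.group(1)):
            if learn:
                mode[port] = learn.group(1).lower()
            macs.setdefault(port, set()).update(found)
    return {p: a for p, a in macs.items() if mode.get(p) == "static" and a}

def unsaved_addresses(running, startup):
    """Per port, addresses in running-config that startup-config lacks."""
    run, start = static_macs(running), static_macs(startup)
    diff = {p: sorted(a - start.get(p, set())) for p, a in run.items()}
    return {p: a for p, a in diff.items() if a}

# Constructed sample configs (not taken from a real switch).
STARTUP = """\
port-security 1 learn-mode static address-limit 2 mac-address 0060b0-889e00
port-security 2-3 learn-mode continuous
"""
RUNNING = """\
port-security 1 learn-mode static address-limit 2 mac-address 0060b0-889e00 0060b0-112233
port-security 2 learn-mode static mac-address 0010a4-abcdef
port-security 3 learn-mode continuous
"""

if __name__ == "__main__":
    for port, addrs in sorted(unsaved_addresses(RUNNING, STARTUP).items()):
        print(f"port {port}: run 'write memory' to save {', '.join(addrs)}")
```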