Port MAC security configuration

To configure the port MAC security feature, perform the following tasks:

  • Enable the port MAC security feature
  • Set the maximum number of secure MAC addresses for an interface
  • Set the port security age timer
  • Specify secure MAC addresses
  • Configure the device to automatically save secure MAC addresses to the startup-config file
  • Specify the action taken when a security violation occurs
Note: When using the absolute option to age out MAC addresses on timer expiry, make sure that the age timer value is sufficient. Avoid using a very short timer expiry with the absolute option, as the value may be in conflict with other timer settings and may cause performance problems in the network. For example, a one-minute timer expiry will cause MAC addresses to be flushed every minute. As a result, operational (enable/disable) loops and packet flooding may occur following a security violation, which by default causes a port to be disabled for one minute.