19-11
Cisco ME 3800X and 3600X Switch Software Configuration Guide
OL-23400-01
Chapter 19 Configuring Traffic Control
Configuring EVC MAC Security
Use the no form of the commands to remove the configuration and return to the default configuration.
This example shows how to enable mac security on a service instance, permit the specified MAC address,
and to set the maximum number of secure addresses to 50. MAC security aging time is 750 minutes. The
violation mode is the default (errdisable) and sticky learning is enabled.
Switch(config)#
interface gigabitethernet0/1
Switch(config-if)#
switchport mode trunk
Switch(config-if)#
switchport mode allowed VLAN none
Switch (config-if)#
service instance
2
Ethernet
Switch (config-if-srv)#
encapsulation dot1q
Switch (config-if-srv)#
bridge-domain 2
Switch (config-if-srv)#
mac security
Switch (config-if-srv)#
mac security permit mac-address 0000.0000.0003
Switch (config-if-srv)#
mac security maximum addresses 50
Switch (config-if-srv)#
mac security aging time 750
Switch (config-if-srv)#
mac security sticky
Switch (config-if-srv)#
end
You can verify the previous commands by entering the show ethernet service instance number
interface interface-id mac security privileged EXEC command.
Step 12
mac security aging {static | sticky |
time aging-time [inactivity]
(Optional) Configure MAC security aging characteristics for the service
instance.
•
static—Specify that the configured aging time applies to permitted MAC
addresses. By default, this only affects dynamically learned addresses.
•
sticky—Specify that the aging time also applies to dynamically learned
sticky addresses.
•
time aging-time—Configure the aging time of addresses in the MAC
table in minutes. The range is 1 to 1440 minutes.
•
(Optional) inactivity—Specify that the aging time is based on inactivity
in sending hosts and not on an absolute time, calculated from the last
frame sent and not the first frame.
Step 13
mac security sticky [address
mac-address]
(Optional) Enable the sticky feature on a service instance. This means that
MAC addresses that are learned dynamically on the EFP are kept persistent
across line transitions and device reloads.
•
(Optional) address mac-address—Adds the specified MAC address as a
sticky address for the EFP. You must enable the sticky feature before you
can configure a sticky MAC address.
Step 14
end
Return to privileged EXEC mode.
Step 15
show ethernet service instance
number interface interface-id mac
security [address | last violation |
statistics}
Verify your entries.
Step 16
copy running-config
startup-config
(Optional) Save your entries in the configuration file.
Command
Purpose