Operating notes
- If a static MAC address is configured for a particular VLAN, port security prevents dynamic MAC address learning on same VLAN. However, a new static MAC address can be configured for the VLAN.
If a static MAC address is configured after dynamic learning of MAC addresses for the particular VLAN, then all the dynamic MAC addresses are removed from that VLAN.
Dynamic MAC addresses can be learnt on a port for other VLANs where static MAC address is not configured.
A static MAC address configured on a port cannot be configured on another port with mixed learn-mode.
Dynamic MAC addresses can age-out. Static MAC addresses do not age-out even after a switch reboots.
NOTE:No support for per port MAC age-out-time. Existing global
mac-age-time
is applicable. For more information, see Retention of static addresses.Configuration of
port-security learn-mode mixed
is supported through CLI only.The MAC address table in the switch is populated with MAC addresses learnt from the network, and static MAC address configured on the particular port-VLAN pair.
All port security violation action commands are supported in mixed learn-mode. For more information, see Configuring port security.
All security violations are detected and entered in the intrusion log. For more information on intrusion log, see Reading intrusion alerts and resetting alert flags.
Existing address limit is applicable to both static and dynamic MAC address learning for all VLANs. For more information, see Configuring port security.
No support for per VLAN address limit.
You cannot configure dynamically learnt MAC address as static MAC address in mixed learn mode.
No support for configuring
port-security learn-mode mixed
through web UI. Modifyingport-security
configuration through web UI inmixed learn
mode is not recommended.port-security mixed learn mode
is displayed ascontinuous
mode in web UI. For more information, see show port-security.