Operating notes

  • If a static MAC address is configured for a particular VLAN, port security prevents dynamic MAC address learning on same VLAN. However, a new static MAC address can be configured for the VLAN.
  • If a static MAC address is configured after dynamic learning of MAC addresses for the particular VLAN, then all the dynamic MAC addresses are removed from that VLAN.

  • Dynamic MAC addresses can be learnt on a port for other VLANs where static MAC address is not configured.

  • A static MAC address configured on a port cannot be configured on another port with mixed learn-mode.

  • Dynamic MAC addresses can age-out. Static MAC addresses do not age-out even after a switch reboots.


    No support for per port MAC age-out-time. Existing global mac-age-time is applicable. For more information, see Retention of static addresses.

  • Configuration of port-security learn-mode mixed is supported through CLI only.

  • The MAC address table in the switch is populated with MAC addresses learnt from the network, and static MAC address configured on the particular port-VLAN pair.

  • All port security violation action commands are supported in mixed learn-mode. For more information, see Configuring port security.

  • All security violations are detected and entered in the intrusion log. For more information on intrusion log, see Reading intrusion alerts and resetting alert flags.

  • Existing address limit is applicable to both static and dynamic MAC address learning for all VLANs. For more information, see Configuring port security.

  • No support for per VLAN address limit.

  • You cannot configure dynamically learnt MAC address as static MAC address in mixed learn mode.

  • No support for configuring port-security learn-mode mixed through web UI. Modifying port-security configuration through web UI in mixed learn mode is not recommended.

  • port-security mixed learn mode is displayed as continuous mode in web UI. For more information, see show port-security.