Configuring secure mac addresses, Configuration prerequisites, Configuration procedure – H3C Technologies H3C S7500E Series Switches User Manual

9-11

z

intrusion: Detection of illegal frames.

Follow these steps to configure trapping for port security:

To do…

Use the command…

Remarks

Enter system view

system-view

—

Enable trapping for port security

port-security trap

{ addresslearned |

dot1xlogfailure | dot1xlogoff |

dot1xlogon | intrusion |

ralmlogfailure | ralmlogoff |

ralmlogon }

Required

By default, trapping for port

security is disabled.

Configuring Secure MAC Addresses

Secure MAC addresses never age out or get lost if saved before the device restarts. One secure MAC

address can be added to only one port in the same VLAN. Thus, you can bind a MAC address to one

port in the same VLAN.

Secure MAC addresses can be:

z

Learned by a port operating in autoLearn mode.

z

Manually configured through the command line interface (CLI) or management information base

(MIB).

When the maximum number of secure MAC addresses is reached, no more can be added. The port

allows only frames sourced from secure MAC addresses to pass through.

Configuration Prerequisites

z

Enable port security

z

Set the maximum number of secure MAC addresses for the port

z

Set the port security mode to autoLearn

Configuration Procedure

Follow these steps to configure a secure MAC address:

To do…

Use the command…

Remarks

Enter system view

system-view

—

In system view

port-security mac-address security

mac-address interface interface-type

interface-number vlan vlan-id

Configure a

secure MAC

address

In interface

interface interface-type interface-number

Required

Use either approach

No secure MAC address is

configured by default.