
Port security configuration examples, Configuring the autolearn mode, Network requirements – H3C Technologies H3C S7500E Series Switches User Manual

Page 181: Configuration procedure


| To do… | Use the command… | Remarks |
|---|---|---|
| Display information about secure MAC addresses | display port-security mac-address security [ interface interface-type interface-number ] [ vlan vlan-id ] [ count ] | Available in any view |
| Display information about blocked MAC addresses | display port-security mac-address block [ interface interface-type interface-number ] [ vlan vlan-id ] [ count ] | Available in any view |

Port Security Configuration Examples

Configuring the autoLearn Mode

Network requirements

Restrict port GigabitEthernet 2/0/1 of the switch as follows:

- Allow up to 64 users to access the port without authentication and permit the port to learn and add the MAC addresses of the users as secure MAC addresses.

- After the number of secure MAC addresses reaches 64, the port stops learning MAC addresses. If any frame with an unknown MAC address arrives, intrusion protection is triggered and the port is disabled and stays silent for 30 seconds.

Figure 9-1 Network diagram for configuring the autoLearn mode

Configuration procedure

1) Configure port security

# Enable port security.

<Switch> system-view

[Switch] port-security enable

# Enable trapping for intrusion protection.

[Switch] port-security trap intrusion

[Switch] interface gigabitethernet 2/0/1

# Set the maximum number of secure MAC addresses allowed on the port to 64.

[Switch-GigabitEthernet2/0/1] port-security max-mac-count 64

# Set the port security mode to autoLearn.

[Switch-GigabitEthernet2/0/1] port-security port-mode autolearn

# Configure the port to be silent for 30 seconds after the intrusion protection feature is triggered.

[Switch-GigabitEthernet2/0/1] port-security intrusion-mode disableport-temporarily
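
One way to check a saved configuration against the settings used in this example. This is an added example, not part of the H3C manual: the config text layout, the sample config and the names parse_config and audit are assumptions, and only commands shown on this page are checked.

```python
import re

# Settings taken from the configuration example on this page.
REQUIRED_GLOBAL = ["port-security enable", "port-security trap intrusion"]
REQUIRED_PORT = [
    "port-security max-mac-count 64",
    "port-security port-mode autolearn",
    "port-security intrusion-mode disableport-temporarily",
]

# Constructed sample; assumed layout: interface commands indented, "#" ends a section.
SAMPLE_CONFIG = """\
port-security enable
#
interface GigabitEthernet2/0/1
 port-security max-mac-count 64
 port-security port-mode autolearn
#
interface GigabitEthernet2/0/2
 port-security max-mac-count 64
 port-security port-mode autolearn
 port-security intrusion-mode disableport-temporarily
"""

def parse_config(text):
    """Split config text into global commands and per-interface commands."""
    global_cmds, ports, current = [], {}, None
    for line in text.splitlines():
        if not line.strip() or line.strip() == "#":
            current = None                      # blank line or "#" closes a section
        elif re.match(r"interface\s+\S", line):
            current = line.split(None, 1)[1].strip()
            ports[current] = []
        elif line[0].isspace() and current is not None:
            ports[current].append(" ".join(line.split()))
        else:
            current = None
            global_cmds.append(" ".join(line.split()))
    return global_cmds, ports

def audit(text, interfaces):
    """Return (scope, missing command) pairs for the named interfaces."""
    global_cmds, ports = parse_config(text)
    findings = [("global", c) for c in REQUIRED_GLOBAL if c not in global_cmds]
    for name in interfaces:
        findings += [(name, c) for c in REQUIRED_PORT if c not in ports.get(name, [])]
    return findings

print(audit(SAMPLE_CONFIG, ["GigabitEthernet2/0/1"]))
```

An empty result means every setting from the example is present; each pair names the scope (global or an interface) and the command that is missing.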