H3C Technologies H3C S3600 Series Switches User Manual
Page 199
1-9
To do...
Use the command...
Remarks
Enter system view
system-view
—
Enable port security
port-security enable
Required
Disabled by default
Enabling port security resets the following configurations on a port to the bracketed defaults. Then
values of these configurations cannot be changed manually; the system will adjust them based on the
port security mode automatically.
z
802.1X (disabled), port access control method (macbased), and port authorization mode (auto)
z
MAC authentication (disabled)
z
For details about 802.1X authentication, refer to the relevant sections in 802.1x and System-Guard
Operation.
z
For details about MAC authentication, refer to sections in MAC Address Authentication Operation.
z
The port security feature does not support the quick EAD deployment feature in 802.1X.
Setting the Maximum Number of Secure MAC Addresses Allowed on a Port
You can set a limit on the number of users to be authenticated on a port. The number of authenticated
users allowed, however, cannot exceed the upper limit. The maximum number of users on a port in a
security mode is determined by the maximum number of secure MAC addresses or the maximum
number of authenticated users that the security mode supports, whichever is smaller.
By setting the maximum number of MAC addresses allowed on a port, you can:
z
Control the maximum number of users who are allowed to access the network through the port
z
Control the number of secure MAC addresses that can be added with port security
This configuration is independent of the maximum number of MAC addresses that can be leaned by the
port in MAC address management.
Follow these steps to set the maximum number of MAC addresses allowed on a port:
To do...
Use the command...
Remarks
Enter system view
system-view
—
Enter Ethernet port view
interface interface-type
interface-number
—
Set the maximum number of
MAC addresses allowed on the
port
port-security max-mac-count
count-value
Required
Not limited by default