Port security configuration examples, Port security mode autolearn configuration example, Network requirements – H3C Technologies H3C S3600 Series Switches User Manual
Page 205
1-15
To do...
Use the command...
Remarks
Enter Ethernet port view
interface
interface-type
interface-number
—
Set the maximum number of
secure MAC addresses allowed
on the port
port-security max-mac-count
count-value
Required
By default, there is no limit on
the number of secure MAC
addresses.
Set the security mode of the port
to autoLearn
port-security port-mode
autolearn
Required
By default, a port operates in
noRestriction mode, and
access to the port is not
restricted.
After you execute the port-security timer autolearn command, you can display secure MAC address
entries by the display mac-address security command. Though the aging time field displayed has a
value of "NOAGED", the aging of secure MAC address entries is enabled already.
Displaying and Maintaining Port Security Configuration
To do...
Use the command...
Remarks
Display information about port
security configuration
display port-security [ interface interface-list ]
Display information about
secure MAC address
configuration
display mac-address security [ interface
interface-type interface-number ] [ vlan vlan-id ]
[ count ]
Available in
any view
Port Security Configuration Examples
Port Security Mode autoLearn Configuration Example
Network requirements
Restrict Ethernet 1/0/1 of the switch as follows:.
z
Allow a maximum of 80 users to access the port without authentication and permit the port to learn
and add the MAC addresses of the users as secure MAC addresses.
z
To ensure that Host can access the network, add the MAC address 0001-0002-0003 of Host as a
secure MAC address to the port in VLAN 1.
z
After the number of secure MAC addresses reaches 80, the port stops learning MAC addresses. If
any frame with an unknown MAC address arrives, intrusion protection is triggered and the port will
be disabled and stay silent for 30 seconds.