Setting the port security mode – H3C Technologies H3C S3100 Series Switches User Manual

1-6

To do...

Use the command...

Remarks

Enter Ethernet port view

interface interface-type
interface-number

—

Set the maximum number of
MAC addresses allowed on the
port

port-security max-mac-count
count-value

Required

Not limited by default

Setting the Port Security Mode

Follow these steps to set the port security mode:

To do...

Use the command...

Remarks

Enter system view

system-view

—

Set the OUI value for user
authentication

port-security oui OUI-value
index index-value

Optional

In userLoginWithOUI mode, a
port supports one 802.1x user
plus one user whose source
MAC address has a specified
OUI value.

Enter Ethernet port view

interface interface-type
interface-number

—

Set the port security mode

port-security port-mode
{ autolearn |
mac-and-userlogin-secure |
mac-and-userlogin-secure-e
xt | mac-authentication |
mac-else-userlogin-secure |
mac-else-userlogin-secure-e
xt | secure | userlogin |
userlogin-secure |
userlogin-secure-ext |
userlogin-secure-or-mac |
userlogin-secure-or-mac-ext
| userlogin-withoui }

Required

By default, a port operates in
noRestriction mode. In this
mode, access to the port is not
restricted.

You can set a port security
mode as needed.

z

Before setting the port security mode to autolearn, you need to set the maximum number of MAC

addresses allowed on the port with the port-security max-mac-count command.

z

When the port operates in the autoLearn mode, you cannot change the maximum number of MAC

addresses allowed on the port.

z

After you set the port security mode to autolearn, you cannot configure any static or blackhole

MAC addresses on the port.

z

If the port is in a security mode other than noRestriction, before you can change the port security

mode, you need to restore the port security mode to noRestriction with the undo port-security

port-mode command.