Enabling port security – H3C Technologies H3C WX3000E Series Wireless Switches User Manual

226

Task Remarks

Configuring a PSK

Ignoring authorization information from the server

Optional.

Enabling remote authentication proxy

Optional.

Enabling port security

Before you enable port security, disable 802.1X and MAC authentication globally.
To enable port security:

Step Command

Remarks

1.

Enter system view.

system-view

N/A

2.

Enable port security.

port-security enable

By default, the port security is enabled.

Enabling or disabling port security resets the following security settings to the default:

•

802.1X access control mode is MAC-based, and the port authorization state is auto.

•

Port security mode is noRestrictions.

When port security is enabled, you cannot manually enable 802.1X or MAC authentication, or change

the access control mode or port authorization state. The port security automatically modifies these

settings in different security modes.
You cannot disable port security when online users are present.
For more information about 802.1X configuration, see "Configuring 802.1X."
For more information about MAC authentication configuration, see "Configuring MAC authentication."

Setting port security's limit on the number of MAC
addresses on a port

You can set the maximum number of MAC addresses that port security allows on a port to control the

number of concurrent users on the port. The maximum number of concurrent users on the port equals this

limit or the limit of the authentication mode (802.1X for example) in use, whichever is smaller.
To set the maximum number of MAC addresses allowed on a port:

Step Command

Remarks

1.

Enter system view.

system-view

N/A

2.

Enter interface view.

interface interface-type
interface-number

N/A

3.

Set the limit of port security on

the number of MAC
addresses.

port-security max-mac-count
count-value

Not limited by default