beautypg.com

Setting the port security mode – H3C Technologies H3C WX3000E Series Wireless Switches User Manual

Page 241

background image

227

NOTE:

This configuration is independent of the MAC learning limit described in MAC address table configuration
in the

Layer 2 Configuration Guide.

Setting the port security mode

Before you set a port security mode for a port, complete the following tasks:

Disable 802.1X and MAC authentication.

Check that the port does not belong to any aggregation group or service loopback group.

NOTE:

You can specify a port security mode when port security is disabled, but your configuration cannot take
effect.

You cannot change the port security mode of a port when online users are present.

To enable a port security mode:

Step Command

Remarks

1.

Enter system view.

system-view

N/A

2.

Set an OUI value for
user authentication.

port-security oui oui-value index
index-value

Optional.
Not configured by default.
The command is required for the

userlogin-withoui mode.

3.

Enter interface view.

interface interface-type
interface-number

To specify the userloginWithOUI
mode, you must enter Layer 2 Ethernet
interface view or WLAN-ESS interface

view.

4.

Set the port security
mode.

port-security port-mode
{ mac-authentication |

mac-else-userlogin-secure |

mac-else-userlogin-secure-ext | secure
| userlogin | userlogin-secure |

userlogin-secure-ext |

userlogin-secure-or-mac |
userlogin-secure-or-mac-ext |

userlogin-withoui }

By default, a port operates in
noRestrictions mode.

NOTE:

A port in userLoginWithOUI mode allows only one 802.1X user and one user whose MAC address
contains any specified OUI to pass authentication concurrently.

After enabling port security, you can change the port security mode of a port only when the port is
operating in noRestrictions (the default) mode. To change the port security mode for a port in any other

mode, use the undo port-security port-mode command to restore the default port security mode first.