H3C Technologies H3C WX3000 Series Unified Switches User Manual

18-4

To do…

Use the command…

Remarks

Enter system view

system-view

—

Enable port security

port-security enable

Required
Disabled by default

Enabling port security resets the following configurations on the ports to the defaults (shown in
parentheses below):

z

802.1x (disabled), port access control method (macbased), and port access control mode (auto)

z

MAC authentication (disabled)

In addition, you cannot perform the above-mentioned configurations manually because these
configurations change with the port security mode automatically.

z

For details about 802.1x configuration, refer to 802.1x and System-Guard in H3C WX3000 Series

Unified Switches Switching Engine Configuration Guide

.

z

For details about MAC authentication configuration, refer to MAC Address Authentication in H3C

WX3000 Series Unified Switches Switching Engine Configuration Guide

.

Setting the Maximum Number of MAC Addresses Allowed on a Port

Port security allows more than one user to be authenticated on a port. The number of authenticated
users allowed, however, cannot exceed the configured upper limit.

By setting the maximum number of MAC addresses allowed on a port, you can

z

Control the maximum number of users who are allowed to access the network through the port

z

Control the number of Security MAC addresses that can be added with port security

This configuration is different from that of the maximum number of MAC addresses that can be leaned
by a port in MAC address management.

Follow these steps to set the maximum number of MAC addresses allowed on a port:

To do…

Use the command…

Remarks

Enter system view

system-view

—

Enter Ethernet port view

interface

interface-type

interface-number

—

Set the maximum number of MAC
addresses allowed on the port

port-security max-mac-count

count-value

Required
Not limited by default