Troubleshooting port security, Cannot set the port security mode, Symptom – H3C Technologies H3C S7500E Series Switches User Manual

9-22

Periodic reauthentication is disabled

The port is an authenticator

Authentication Mode is Auto

Port Control Type is Mac-based

802.1X Multicast-trigger is enabled

Mandatory authentication domain: NOT configured

Guest VLAN: NOT configured

Auth-Fail VLAN: NOT configured

Max number of on-line users is 1024

EAPOL Packet: Tx 16331, Rx 102

Sent EAP Request/Identity Packets : 16316

EAP Request/Challenge Packets: 6

EAP Success Packets: 4, Fail Packets: 5

Received EAPOL Start Packets : 6

EAPOL LogOff Packets: 2

EAP Response/Identity Packets : 80

EAP Response/Challenge Packets: 6

Error Packets: 0

1. Authenticated user : MAC address: 0002-0000-0011

Controlled User(s) amount to 1

In addition, as NTK is enabled, frames with unknown destination MAC addresses, multicast addresses,

and broadcast addresses should be discarded.

Troubleshooting Port Security

Cannot Set the Port Security Mode

Symptom

Cannot set the port security mode.

[Switch-GigabitEthernet2/0/1] port-security port-mode autolearn

Error:When we change port-mode, we should first change it to noRestrictions, then change

it to the other.

Analysis

For a port operating in a port security mode other than noRestrictions, you cannot change the port

security mode by using the port-security port-mode command directly.

Solution

Set the port security mode to noRestrictions first.

[Switch-GigabitEthernet2/0/1] undo port-security port-mode

[Switch-GigabitEthernet2/0/1] port-security port-mode autolearn

Cannot Configure Secure MAC Addresses

Symptom

Cannot configure secure MAC addresses.

[Switch-GigabitEthernet2/0/1] port-security mac-address security 1-1-2 vlan 1

Error: Security MAC address configuration failed.