Enabling port security, Configuration prerequisites – H3C Technologies H3C S3100 Series Switches User Manual

1-5

Enabling Port Security

Configuration Prerequisites

Before enabling port security, you need to disable 802.1x and MAC authentication globally.

Enabling Port Security

Follow these steps to enable port security:

To do...

Use the command...

Remarks

Enter system view

system-view

—

Enable port security

port-security enable

Required

Disabled by default

Enabling port security resets the following configurations on the ports to the defaults (shown in

parentheses below):

z

802.1x (disabled), port access control method (macbased), and port access control mode (auto)

z

MAC authentication (disabled)

In addition, you cannot perform the above-mentioned configurations manually because these

configurations change with the port security mode automatically.

z

For details about 802.1x configuration, refer to the sections covering 802.1x and System-Guard.

z

For details about MAC authentication configuration, refer to the sections covering MAC

authentication configuration.

Setting the Maximum Number of MAC Addresses Allowed on a Port

Port security allows more than one user to be authenticated on a port. The number of authenticated

users allowed, however, cannot exceed the configured upper limit.

By setting the maximum number of MAC addresses allowed on a port, you can

z

Control the maximum number of users who are allowed to access the network through the port

z

Control the number of Security MAC addresses that can be added with port security

This configuration is different from that of the maximum number of MAC addresses that can be leaned

by a port in MAC address management.

Follow these steps to set the maximum number of MAC addresses allowed on a port:

To do...

Use the command...

Remarks

Enter system view

system-view

—