Configuring the online user handshake function, Configuring the authentication trigger function, Configuring secure mac addresses – H3C Technologies H3C S12500-X Series Switches User Manual

Page 108: Configuration prerequisites


Step 3. Configure the intrusion protection feature.
Command: port-security intrusion-mode { blockmac | disableport | disableport-temporarily }
Remarks: By default, intrusion protection is disabled.

Step 4. Return to system view.
Command: quit
Remarks: N/A

Step 5. (Optional.) Set the silence timeout period during which a port remains disabled.
Command: port-security timer disableport time-value
Remarks: By default, the port silence timeout is 20 seconds.

NOTE:

On a port operating in either macAddressElseUserLoginSecure mode or macAddressElseUserLoginSecureExt mode, intrusion protection is triggered only after both MAC authentication and 802.1X authentication fail for the same frame.


Configuring secure MAC addresses

Secure MAC addresses are configured or learned in autoLearn mode. If they are saved, they can survive a device reboot. You can bind a secure MAC address to only one port in a VLAN.

Secure MAC addresses include static and sticky secure MAC addresses.

Table 6 A comparison of static and sticky secure MAC addresses

Type | Address sources | Aging mechanism | Can be saved and survive a device reboot?
--- | --- | --- | ---
Static | Manually added | Not available. They never age out unless you manually remove them, change the port security mode, or disable the port security feature. | Yes.
Sticky | Manually added or automatically learned by ports | Sticky MAC addresses by default do not age out, but you can configure an aging timer to delete old sticky MAC addresses. If you set the aging timer to 0, sticky MAC addresses never age out. | Yes. The aging timer restarts at a reboot.

NOTE:

When the maximum number of secure MAC address entries is reached, the port changes to secure mode, and it cannot add or learn any more secure MAC addresses. The port allows only frames sourced from a secure MAC address or a MAC address configured by using the mac-address dynamic or mac-address static command to pass through.


Configuration prerequisites

Enable port security.

Set port security's limit on the number of MAC addresses on the port. Perform this task before you
enable autoLearn mode.

Set the port security mode to autoLearn.
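
An added example, not part of the H3C manual: a small Python audit that checks a saved configuration against the prerequisites above and the intrusion protection defaults described earlier on this page. The sample configuration is constructed, and the spellings "port-security enable", "port-security max-mac-count" and "port-security port-mode autolearn" are assumed from the Comware command set rather than taken from this page.

```python
import re

# Constructed sample styled after Comware "display current-configuration" output.
# ASSUMPTION: "port-security enable", "max-mac-count" and "port-mode autolearn"
# come from the Comware command set; this page does not show them.
SAMPLE_CONFIG = """\
port-security enable
port-security timer disableport 30
#
interface Ten-GigabitEthernet1/0/1
 port-security max-mac-count 8
 port-security port-mode autolearn
 port-security intrusion-mode disableport-temporarily
#
interface Ten-GigabitEthernet1/0/2
 port-security port-mode autolearn
"""

def audit(config, default_silence=20):  # 20 s is the default the manual states
    """Return {interface: [notes]} for each port in autoLearn mode."""
    glob, ports, current = [], {}, None
    for raw in config.splitlines():
        line = raw.strip()
        if raw.startswith("interface "):
            current = ports.setdefault(line.split(None, 1)[1], [])
        elif line == "#":
            current = None  # "#" closes the current view
        elif line.startswith("port-security "):
            (glob if current is None else current).append(line)
    m = re.search(r"^port-security timer disableport (\d+)$", "\n".join(glob), re.M)
    silence = int(m.group(1)) if m else default_silence
    report = {}
    for name, cmds in ports.items():
        if "port-security port-mode autolearn" not in cmds:
            continue
        notes = []
        if "port-security enable" not in glob:
            notes.append("port security not enabled")
        if not any(c.startswith("port-security max-mac-count ") for c in cmds):
            notes.append("no MAC address limit set")
        modes = [c.split()[-1] for c in cmds if "intrusion-mode" in c]
        if not modes:
            notes.append("intrusion protection disabled (default)")
        elif modes[-1] == "disableport-temporarily":
            notes.append(f"violating port disabled for {silence}s")
        report[name] = notes
    return report

if __name__ == "__main__":
    print(audit(SAMPLE_CONFIG))
```

A port with an empty list meets the prerequisites and has a permanent intrusion action configured; the silence-timeout note is informational and reflects step 5 of the procedure.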
