Displaying and maintaining port security, Port security configuration examples, Port security configuration for autolearn mode – H3C Technologies H3C WX6000 Series Access Controllers User Manual


Displaying and Maintaining Port Security

| To do… | Use the command… | Remarks |
|---|---|---|
| Display port security configuration information, operation information, and statistics about one or more ports or all ports | display port-security [ interface interface-list ] | Available in any view |
| Display information about secure MAC addresses | display port-security mac-address security [ interface interface-type interface-number ] [ vlan vlan-id ] [ count ] | Available in any view |
| Display information about blocked MAC addresses | display port-security mac-address block [ interface interface-type interface-number ] [ vlan vlan-id ] [ count ] | Available in any view |

Port Security Configuration Examples

Port Security Configuration for autoLearn Mode

Network requirements

Restrict port GigabitEthernet 0/0/1 of the switch as follows:

- Allow up to 64 users to access the port without authentication and permit the port to learn and add the MAC addresses of the users as secure MAC addresses.

- After the number of secure MAC addresses reaches 64, the port stops learning MAC addresses. If any frame with an unknown MAC address arrives, intrusion protection is triggered and the port is disabled and stays silent for 30 seconds.
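
The two requirements above can be modelled as a small state machine. The following Python sketch is an added illustration, not H3C code or part of the manual; the class and function names are hypothetical, the frames are constructed sample data, and it assumes learned addresses are kept while the port is disabled. It shows a side effect worth planning for: already-learned users also lose connectivity during the 30-second silence.

```python
from dataclasses import dataclass, field


@dataclass
class AutoLearnPort:
    """Model of the requirements above (hypothetical, not the device's code)."""
    max_mac_count: int = 64          # limit on secure MAC addresses
    silence_seconds: float = 30.0    # how long the port stays disabled
    secure_macs: set = field(default_factory=set)
    disabled_until: float = 0.0
    intrusions: list = field(default_factory=list)

    def receive(self, src_mac: str, now: float) -> str:
        """Return what happens to a frame from src_mac arriving at time now."""
        mac = src_mac.lower()
        if now < self.disabled_until:
            # Port is silent: every frame is lost, known source or not.
            return "dropped-port-disabled"
        if mac in self.secure_macs:
            return "forwarded"
        if len(self.secure_macs) < self.max_mac_count:
            self.secure_macs.add(mac)    # still learning
            return "learned"
        # Table is full and the source is unknown: intrusion protection.
        self.intrusions.append((now, mac))
        self.disabled_until = now + self.silence_seconds
        return "intrusion"


def replay(frames, **settings):
    """Feed (timestamp, source MAC) pairs to a fresh port, in order."""
    port = AutoLearnPort(**settings)
    return port, [port.receive(mac, t) for t, mac in frames]


def demo():
    # Constructed sample traffic: 64 distinct users, one frame per second.
    frames = [(float(i), f"00:11:22:33:44:{i:02x}") for i in range(64)]
    frames += [
        (64.0, "de:ad:be:ef:00:01"),  # 65th, unknown address
        (70.0, "00:11:22:33:44:00"),  # known user during the silence
        (94.0, "00:11:22:33:44:00"),  # 64 + 30 s: port is back up
    ]
    return replay(frames)


if __name__ == "__main__":
    port, results = demo()
    print(results[63:], port.intrusions)
```
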

Network diagram

Figure 19-1 Network diagram for port security configuration for autoLearn mode

Configuration procedure

1) Configure port security

# Enable port security.

<AC> system-view

[AC] port-security enable

# Enable intrusion protection trap.

[AC] port-security trap intrusion

[AC] interface gigabitethernet 0/0/1

# Set the maximum number of secure MAC addresses allowed on the port to 64.

[AC-GigabitEthernet0/0/1] port-security max-mac-count 64

# Set the port security mode to autoLearn.

[AC-GigabitEthernet0/0/1] port-security port-mode autolearn

# Configure the port to be silent for 30 seconds after the intrusion protection feature is triggered.
