Port security configuration example, Network requirements, Configuration procedure – H3C Technologies H3C WX3000 Series Unified Switches User Manual


Displaying and Maintaining Port Security Configuration

| To do… | Use the command… | Remarks |
|---|---|---|
| Display information about port security configuration | display port-security [ interface interface-list ] | Available in any view |
| Display information about security MAC address configuration | display mac-address security [ interface interface-type interface-number ] [ vlan vlan-id ] [ count ] | Available in any view |

Port Security Configuration Example

Network requirements

As shown in Figure 18-1, implement access user restrictions through the following configuration on GigabitEthernet 1/0/1 of the switch.

- Allow a maximum of 80 users to access the port without authentication and permit the port to learn and add the MAC addresses of the users as security MAC addresses.
- To ensure that Host can access the network, add the MAC address 0001-0002-0003 of Host as a security MAC address to the port in VLAN 1.
- After the number of security MAC addresses reaches 80, the port stops learning MAC addresses. If any frame with an unknown MAC address arrives, intrusion protection is triggered and the port will be disabled and stay silent for 30 seconds.

Figure 18-1 Network diagram for port security configuration

[Network diagram: Host (MAC: 0001-0002-0003) is attached to port GE1/0/1 of Switch, which connects to the Internet.]

Configuration procedure

# Enter system view.

<device> system-view

# Enable port security.

[device] port-security enable

# Enter GigabitEthernet 1/0/1 port view.

[device] interface GigabitEthernet 1/0/1

# Set the maximum number of MAC addresses allowed on the port to 80.

[device-GigabitEthernet1/0/1] port-security max-mac-count 80

# Set the port security mode to autolearn.

[device-GigabitEthernet1/0/1] port-security port-mode autolearn

# Add the MAC address 0001-0002-0003 of Host as a security MAC address to the port in VLAN 1.

[device-GigabitEthernet1/0/1] mac-address security 0001-0002-0003 vlan 1

# Configure the port to be silent for 30 seconds after intrusion protection is triggered.

[device-GigabitEthernet1/0/1] port-security intrusion-mode disableport-temporarily
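
The following Python model is an added example, not part of the H3C manual or H3C code. It simulates the access policy from the network requirements above (limit of 80 security MAC addresses, autolearn, 30 seconds of silence after intrusion protection triggers) so the effect of each setting can be checked. The class and function names are hypothetical, the sample MAC addresses are constructed, and it assumes that the manually added security MAC address counts toward the limit of 80.

```python
# Added illustration (not H3C code): model of the port policy in this example.
# Assumption: the manually configured security MAC counts toward the limit.

def norm(mac):
    """Normalise a MAC such as 0001-0002-0003 to 12 lowercase hex digits."""
    digits = "".join(c for c in mac.lower() if c in "0123456789abcdef")
    if len(digits) != 12:
        raise ValueError(f"not a MAC address: {mac!r}")
    return digits


class AutolearnPort:
    def __init__(self, max_mac_count=80, silent_seconds=30):
        self.max_mac_count = max_mac_count
        self.silent_seconds = silent_seconds
        self.secure = set()        # security MACs, configured and learned
        self.silent_until = None   # time (s) at which the port is re-enabled

    def add_security_mac(self, mac):
        """Models 'mac-address security <mac> vlan <id>' (VLAN not modelled)."""
        if len(self.secure) >= self.max_mac_count:
            raise RuntimeError("security MAC table is full")
        self.secure.add(norm(mac))

    def receive(self, src_mac, now):
        """Return the outcome for a frame from src_mac at time now (seconds)."""
        if self.silent_until is not None:
            if now < self.silent_until:
                return "dropped-port-silent"   # known hosts are dropped too
            self.silent_until = None           # silence period is over
        mac = norm(src_mac)
        if mac in self.secure:
            return "forwarded"
        if len(self.secure) < self.max_mac_count:
            self.secure.add(mac)               # learned as a security MAC
            return "learned"
        self.silent_until = now + self.silent_seconds   # intrusion protection
        return "intrusion-port-disabled"


def demo():
    port = AutolearnPort()
    port.add_security_mac("0001-0002-0003")            # Host from Figure 18-1
    for i in range(79):                                # constructed sample MACs
        port.receive(f"0010-0000-{i:04x}", now=i)
    return port, [port.receive("0001-0002-0003", 100),  # forwarded
                  port.receive("00aa-00bb-00cc", 100),  # unknown, table full
                  port.receive("0001-0002-0003", 110),  # port still silent
                  port.receive("0001-0002-0003", 130)]  # silence expired
```

In this model, Host's own frames are dropped during the 30-second silent period even though its address is a security MAC address, which is the availability cost of disabling the whole port.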
