48CHAPTER 9: PORT SECURITY CONFIGURATION GUIDE

#Enter Ethernet 1/0/1 port view.

 

[3Com] interface Ethernet1/0/1

 

# Set the maximum number of MAC addresses allowed on the port to 80.

 

[3Com-Ethernet1/0/1] port-security max-mac-count 80

 

# Set the port security mode to autolearn.

 

[3Com-Ethernet1/0/1] port-security port-mode autolearn

 

# Add the MAC address 0001-0002-0003 as a secure MAC address to VLAN 1.

 

[3Com-Ethernet1/0/1] mac-address security 0001-0002-0003 vlan 1

 

# Configure the port to be silent for 30 seconds after intrusion protection is

 

triggered.

 

[3Com-Ethernet1/0/1] port-security intrusion-mode disableport-temporarily

 

[3Com-Ethernet1/0/1] quit

 

[3Com] port-security timer disableport 30

Complete Configuration

#

 

port-security enable

 

port-security timer disableport 30

 

#

 

interface Ethernet1/0/1

 

port-security max-mac-count 80

 

port-security port-mode autolearn

 

port-security intrusion-mode disableport-temporarily

 

mac-address security 0001-0002-0003 vlan 1

 

#

Precautions

Before enabling port security, be sure to disable 802.1x and MAC

 

authentication globally.

 

On a port configured with port security, you cannot configure the maximum

 

number of MAC addresses that the port can learn, reflector port for port

 

mirroring, fabric port or link aggregation.

 

 

Configuring Port

In mac-authenticationmode, a port performs MAC authentication of users.

Security

 

mac-authentication

 

Mode

 

Page 48
Image 48
3Com 5500G, 4210, 4200G manual Security Mac-authentication Mode