The security MAC addresses manually configured are written to the configuration file; they will not get lost when the port is up or down. As long as the configuration file is saved, the security MAC addresses can be restored after the device reboots.

Configuration prerequisites

z

z

z

Port security is enabled.

The maximum number of security MAC addresses allowed on the port is set. The security mode of the port is set to autolearn.

Configuration procedure

Follow these steps to configure a security MAC address

 

To do…

Use the command…

Remarks

 

Enter system view

system-view

 

 

 

 

 

 

 

In system

mac-address security

 

 

 

mac-address interface

 

 

 

view

interface-type interface-number

 

 

Add a security

 

vlan vlan-id

Either is required.

 

 

 

By default, no security MAC

 

interface interface-type

 

MAC address

 

 

 

In Ethernet

interface-number

address is configured.

 

 

 

 

 

 

port view

mac-address security

 

 

 

 

 

 

 

 

mac-address vlan vlan-id

 

 

 

 

 

 

Displaying and Maintaining Port Security Configuration

 

To do…

Use the command…

Remarks

 

Display information about port

display port-security [ interface

 

 

security configuration

interface-list ]

 

 

 

 

 

 

Display information about security

display mac-address security

Available in any view

 

[ interface interface-type

 

 

MAC address configuration

interface-number ] [ vlan vlan-id ]

 

 

 

[ count ]

 

 

 

 

 

Port Security Configuration Example

Network requirements

As shown in Figure 1-1, implement access user restrictions through the following configuration on GigabitEthernet 1/0/1 of the switch.

zAllow a maximum of 80 users to access the port without authentication and permit the port to learn and add the MAC addresses of the users as security MAC addresses.

1-9

Page 146
Image 146
3Com WX3000 operation manual Displaying and Maintaining Port Security Configuration, Port Security Configuration Example