HP 6125XLG Command Reference Manual page 126
Blade switch security command reference
Hide thumbs
Also See for 6125XLG:
- Layer 3 - ip routing configuration manual (492 pages) ,
- Command reference manual (466 pages) ,
- Configuration manual (414 pages)
Table of Contents
Advertisement
undo port-security mac-address security [ [ mac-address [ interface interface-type interface-number ] ]
vlan vlan-id ]
Default
No secure MAC address entry is configured.
Views
Ethernet interface view, system view
Predefined user roles
network-admin
Parameters
sticky mac-address: Specifies a sticky MAC address, in H-H-H format. If you do not provide this keyword,
the command configures a static secure MAC address.
interface interface-type interface-number: Specifies an Ethernet port by its type and number.
vlan vlan-id: Specifies the VLAN that has the secure MAC address. The vlan-id argument represents the
ID of the VLAN in the range of 1 to 4094. Make sure that you have assigned the port to the specified
VLAN.
Usage guidelines
Secure MAC addresses are MAC addresses configured or learned in autoLearn mode, and if saved, can
survive a device reboot. You can bind a MAC address to only one port in a VLAN.
You can add important or frequently used MAC addresses as sticky or static secure MAC addresses to
avoid the secure MAC address limit causing authentication failure. To successfully add secure MAC
addresses on a port, first complete the following tasks:
Enable port security on the port.
•
•
Set the port security mode to autoLearn.
Configure the port to permit packets of the specified VLAN to pass or add the port to the VLAN.
•
Make sure the VLAN already exists.
Sticky MAC addresses can be manually configured or automatically learned in autoLearn mode. Sticky
MAC addresses do not age out by default. You can use the port-security timer autolearn aging
command to set an aging timer for them. When the timer expires, the sticky MAC addresses are
removed.
Static secure MAC addresses never age out unless you remove them by using the undo port-security
mac-address security command, changing the port security mode, or disabling the port security feature.
You cannot change the type of a secure address entry that has been added or add two entries that are
identical except for their entry type. For example, you cannot add the port-security mac-address security
sticky 1-1-1 vlan 10 entry when a port-security mac-address security 1-1-1 vlan 10 entry exists. To add the
new entry, you must delete the old entry.
Examples
# Enable port security, set port Ten-GigabitEthernet 1/1/6 in autoLearn mode, and set the maximum
number of secure MAC addresses allowed on the port to 100.
<Sysname> system-view
[Sysname] port-security enable
[Sysname] interface ten-gigabitethernet 1/1/6
[Sysname-Ten-GigabitEthernet1/1/6] port-security max-mac-count 100
[Sysname-Ten-GigabitEthernet1/1/6] port-security port-mode autolearn
1 17
- Quick Links:
- Local User Commands
- Local-User
- Password
Hide quick links:
Advertisement
Table of Contents
