Port security configuration examples
autoLearn configuration example
Network requirements
See
Figure
65. Configure port Ten-GigabitEthernet 1/0/1 on the device, as follows:
Accept up to 64 users on the port without authentication.
•
Permit the port to learn and add MAC addresses as sticky MAC addresses, and set the secure MAC
•
aging timer to 30 minutes.
After the number of secure MAC addresses reaches 64, the port stops learning MAC addresses. If
•
any frame with an unknown MAC address arrives, intrusion protection starts, and the port shuts
down and stays silent for 30 seconds.
Figure 65 Network diagram
Host
Configuration procedure
# Enable port security.
<Device> system-view
[Device] port-security enable
# Set the secure MAC aging timer to 30 minutes.
[Device] port-security timer autolearn aging 30
# Set port security's limit on the number of secure MAC addresses to 64 on port Ten-GigabitEthernet
1/0/1.
[Device] interface ten-gigabitethernet 1/0/1
[Device-Ten-GigabitEthernet1/0/1] port-security max-mac-count 64
# Set the port security mode to autoLearn.
[Device-Ten-GigabitEthernet1/0/1] port-security port-mode autolearn
# Configure the port to be silent for 30 seconds after the intrusion protection feature is triggered.
[Device-Ten-GigabitEthernet1/0/1] port-security intrusion-mode disableport-temporarily
[Device-Ten-GigabitEthernet1/0/1] quit
[Device] port-security timer disableport 30
Verifying the configuration
# Display the port security configuration.
[Device] display port-security interface ten-gigabitethernet 1/0/1
Port security is enabled globally
AutoLearn aging time is 30 minutes
Disableport Timeout: 30s
OUI value:
XGE1/0/1
Device
Internet
155