Enabling Port Security; Setting Port Security's Limit On The Number Of Secure Mac Addresses On A Port - HPE FlexNetwork 7500 Series Security Configuration Manual


Enabling port security

Before you enable port security, disable 802.1X and MAC authentication globally.
When port security is enabled, you cannot enable 802.1X or MAC authentication, or change the
access control mode or port authorization state. Port security automatically modifies these settings in
different security modes.
To enable port security:

Step                        Command                 Remarks
1. Enter system view.       system-view             N/A
2. Enable port security.    port-security enable    By default, port security is disabled.

You can use the undo port-security enable command to disable port security. Because the
command logs off the online users, make sure no online users are present.
Enabling or disabling port security resets the following security settings to the default:
- 802.1X access control mode is MAC-based.
- Port authorization state is auto.
For more information about 802.1X authentication and MAC authentication configuration, see
"Configuring 802.1X" and "Configuring MAC authentication."

Setting port security's limit on the number of secure MAC addresses on a port

You can set the maximum number of secure MAC addresses that port security allows on a port for
the following purposes:
- Controlling the number of concurrent users on the port.
  For a port operating in a security mode (except for autoLearn and secure), the upper limit
  equals the smaller of the following values:
  - The limit of the secure MAC addresses that port security allows.
  - The limit of concurrent users allowed by the authentication mode in use.
- Controlling the number of secure MAC addresses on the port in autoLearn mode.
  For a port operating in autoLearn mode, you can set the maximum number of secure MAC
  addresses for all or specific VLANs. When the number of MAC addresses in a VLAN reaches the
  upper limit, intrusion detection is triggered.
The port security's limit on the number of secure MAC addresses on a port is independent of the
MAC learning limit described in MAC address table configuration. For more information about MAC
address table configuration, see Layer 2—LAN Switching Configuration Guide.
To set the maximum number of secure MAC addresses allowed on a port:

Step                                                 Command                                      Remarks
1. Enter system view.                                system-view                                  N/A
2. Enter interface view.                             interface interface-type interface-number    N/A
3. Set the maximum number of secure MAC addresses    port-security max-mac-count                  By default, port security does not limit the number of secure MAC
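
An added example, not part of the HPE manual: a Python check over a saved configuration that reports interfaces still at the unlimited default described above, or with a limit above a site-chosen ceiling. The configuration text is constructed, and the numeric argument to port-security max-mac-count, the indented interface layout and the ceiling parameter are assumptions.

```python
import re

# Constructed sample of a saved configuration (not taken from the manual).
SAMPLE_CONFIG = """\
#
 port-security enable
#
interface GigabitEthernet1/0/1
 port-security max-mac-count 2
#
interface GigabitEthernet1/0/2
 description printer-port
#
interface GigabitEthernet1/0/3
 port-security max-mac-count 64
#
"""

def audit_port_security(config_text, ceiling=8):
    """Return (globally_enabled, findings); findings maps interface -> issue.

    ceiling is a hypothetical site policy value, not a device default.
    """
    enabled = False
    limits = {}      # interface name -> configured limit, or None if unset
    current = None   # interface section being read; None means system view
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line == "#":
            current = None                      # section separator
        elif line.startswith("interface "):
            current = line.split(None, 1)[1]
            limits[current] = None
        elif current is None and line == "port-security enable":
            enabled = True                      # global switch in system view
        elif current is not None:
            # Assumption: only the plain numeric form of the limit is recognised.
            m = re.fullmatch(r"port-security max-mac-count (\d+)", line)
            if m:
                limits[current] = int(m.group(1))
    findings = {}
    for name, limit in limits.items():
        if limit is None:
            findings[name] = "no limit set (default: unlimited)"
        elif limit > ceiling:
            findings[name] = f"limit {limit} exceeds site ceiling {ceiling}"
    return enabled, findings
```
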
