Port Security Configuration Examples; Autolearn Configuration Example - H3C S5830V2 Security Configuration Manual

Task
Display information about secure MAC
addresses.
Display information about blocked MAC
addresses.

Port security configuration examples

autoLearn configuration example

Network requirements
See Figure 34. Configure port Ten-GigabitEthernet 1/0/1 on the device, as follows:
Accept up to 64 users on the port without authentication.
•
• Permit the port to learn and add MAC addresses as sticky MAC addresses, and set the secure MAC
aging timer to 30 minutes.
After the number of secure MAC addresses reaches 64, the port stops learning MAC addresses. If
•
any frame with an unknown MAC address arrives, intrusion protection starts, and the port shuts
down and stays silent for 30 seconds.
Figure 34 Network diagram
Host
Configuration procedure
# Enable port security.
<Device> system-view
[Device] port-security enable
# Set the secure MAC aging timer to 30 minutes.
[Device] port-security timer autolearn aging 30
# Set port security's limit on the number of secure MAC addresses to 64 on port Ten-GigabitEthernet
1/0/1.
[Device] interface ten-gigabitethernet 1/0/1
[Device-Ten-GigabitEthernet1/0/1] port-security max-mac-count 64
# Set the port security mode to autoLearn.
[Device-Ten-GigabitEthernet1/0/1] port-security port-mode autolearn
# Configure the port to be silent for 30 seconds after the intrusion protection feature is triggered.
[Device-Ten-GigabitEthernet1/0/1] port-security intrusion-mode disableport-temporarily
[Device-Ten-GigabitEthernet1/0/1] quit
[Device] port-security timer disableport 30
XGE1/0/1
Device
Command
display port-security mac-address security [ interface
interface-type interface-number ] [ vlan vlan-id ] [ count ]
display port-security mac-address block [ interface interface-type
interface-number ] [ vlan vlan-id ] [ count ]
Internet
95