H3C S5500-EI Series Operation Manual – Port Security
Hide thumbs
Also See for S5500-EI Series:
- Operation manual (1529 pages) ,
- Configuration manual (490 pages) ,
- Security configuration manual (448 pages)
Table of Contents
Advertisement
Quick Links
Operation Manual - Port Security
H3C S5500-EI Series Ethernet Switches
Chapter 1 Port Security Configuration........................................................................................ 1-1
1.1 Introduction to Port Security .............................................................................................. 1-1
1.1.1 Port Security Overview............................................................................................ 1-1
1.1.2 Port Security Features ............................................................................................ 1-1
1.1.3 Port Security Modes................................................................................................ 1-2
1.2 Port Security Configuration Task List ................................................................................ 1-4
1.3 Enabling Port Security ....................................................................................................... 1-4
1.3.1 Configuration Prerequisites..................................................................................... 1-4
1.3.2 Configuration Procedure ......................................................................................... 1-4
1.4 Setting the Maximum Number of Secure MAC Addresses................................................ 1-5
1.5 Setting the Port Security Mode .......................................................................................... 1-6
1.5.1 Enabling the autoLearn Mode ................................................................................. 1-6
1.5.2 Enabling the userLoginWithOUI Mode.................................................................... 1-7
1.5.3 Enabling any other Port Security Mode .................................................................. 1-7
1.6 Configuring Port Security Features.................................................................................... 1-8
1.6.1 Configuring NTK...................................................................................................... 1-8
1.6.2 Configuring Intrusion Protection.............................................................................. 1-8
1.6.3 Configuring Trapping............................................................................................... 1-9
1.7 Configuring Secure MAC Addresses ................................................................................. 1-9
1.7.1 Configuration Prerequisites................................................................................... 1-10
1.7.2 Configuration Procedure ....................................................................................... 1-10
1.8 Ignoring the Authorization Information from the Server................................................... 1-10
1.9 Displaying and Maintaining Port Security ........................................................................ 1-11
1.10 Port Security Configuration Examples........................................................................... 1-11
1.10.1 Port Security Configuration for autoLearn Mode................................................. 1-11
1.10.2 Port Security Configuration for userLoginWithOUI Mode ................................... 1-14
1.10.3 Port Security Configuration for macAddressElseUserLoginSecure Mode.................. 1-18
1.11 Troubleshooting Port Security ....................................................................................... 1-21
1.11.1 Cannot Set the Port Security Mode .................................................................... 1-21
1.11.2 Cannot Configure Secure MAC Addresses ........................................................ 1-22
1.11.3 Cannot Change Port Security Mode When a User Is Online.............................. 1-22
Table of Contents
i
Table of Contents
Advertisement
Table of Contents
Subscribe to Our Youtube Channel
Related Manuals for H3C S5500-EI Series
Summary of Contents for H3C S5500-EI Series
-
Page 1: Table Of Contents
Operation Manual – Port Security H3C S5500-EI Series Ethernet Switches Table of Contents Table of Contents Chapter 1 Port Security Configuration..................1-1 1.1 Introduction to Port Security ....................1-1 1.1.1 Port Security Overview.................... 1-1 1.1.2 Port Security Features .................... 1-1 1.1.3 Port Security Modes.................... -
Page 2: Chapter 1 Port Security Configuration
Operation Manual – Port Security H3C S5500-EI Series Ethernet Switches Chapter 1 Port Security Configuration Chapter 1 Port Security Configuration When configuring port security, go to these sections for information you are interested Introduction to Port Security Port Security Configuration Task List... -
Page 3: Port Security Modes
Operation Manual – Port Security H3C S5500-EI Series Ethernet Switches Chapter 1 Port Security Configuration II. Intrusion protection The intrusion protection feature checks the source MAC addresses in inbound frames and takes a pre-defined action accordingly upon detecting illegal frames. The action may be disabling the port temporarily, disabling the port permanently, or blocking frames with the MAC address for three minutes (unmodifiable). - Page 4 Operation Manual – Port Security H3C S5500-EI Series Ethernet Switches Chapter 1 Port Security Configuration Security mode Description Features In this mode, a port performs 802.1x userLoginSecur authentication of users in portbased mode and services only one user passing 802.1x authentication.
-
Page 5: Port Security Configuration Task List
Operation Manual – Port Security H3C S5500-EI Series Ethernet Switches Chapter 1 Port Security Configuration Note: Currently, port security supports two authentication methods: 802.1x and MAC authentication. Different port security modes employ different authentication method or different combinations of authentication methods. -
Page 6: Setting The Maximum Number Of Secure Mac Addresses
Operation Manual – Port Security H3C S5500-EI Series Ethernet Switches Chapter 1 Port Security Configuration Note that: Enabling port security resets the following configurations on a port to the defaults bracketed, making them dependent completely on the port security mode: 802.1x (disabled), port access control method (macbased), and port access... -
Page 7: Setting The Port Security Mode
Operation Manual – Port Security H3C S5500-EI Series Ethernet Switches Chapter 1 Port Security Configuration To do… Use the command… Remarks Set the maximum number port-security Required of secure MAC addresses max-mac-count Not limited by default allowed on a port count-value 1.5 Setting the Port Security Mode... -
Page 8: Enabling The Userloginwithoui Mode
Operation Manual – Port Security H3C S5500-EI Series Ethernet Switches Chapter 1 Port Security Configuration To do… Use the command… Remarks Enter system view system-view — interface interface-type Enter Ethernet port view — interface-number Required Enable the autoLearn port-security port-mode... -
Page 9: Configuring Port Security Features
Operation Manual – Port Security H3C S5500-EI Series Ethernet Switches Chapter 1 Port Security Configuration To do… Use the command… Remarks Enter system view system-view — Enter Ethernet interface interface-type — port view interface-number port-security port-mode { mac-authentication | Required... -
Page 10: Configuring Trapping
Operation Manual – Port Security H3C S5500-EI Series Ethernet Switches Chapter 1 Port Security Configuration To do… Use the command… Remarks Enter system view system-view — interface interface-type Enter Ethernet port view — interface-number port-security Required Configure the intrusion intrusion-mode... -
Page 11: Configuration Prerequisites
Operation Manual – Port Security H3C S5500-EI Series Ethernet Switches Chapter 1 Port Security Configuration 1.7.1 Configuration Prerequisites Enable port security Set the maximum number of secure MAC addresses allowed on the port Set the port security mode to autoLearn 1.7.2 Configuration Procedure... -
Page 12: Displaying And Maintaining Port Security
Operation Manual – Port Security H3C S5500-EI Series Ethernet Switches Chapter 1 Port Security Configuration To do… Use the command… Remarks Required Ignore the authorization port-security By default, a port uses the information from the authorization ignore authorization information RADIUS server from the RADIUS server. - Page 13 Operation Manual – Port Security H3C S5500-EI Series Ethernet Switches Chapter 1 Port Security Configuration III. Configuration procedure Configure port security # Enable port security. <Switch> system-view [Switch] port-security enable # Enable intrusion protection trap. [Switch] port-security trap intrusion [Switch] interface gigabitethernet 1/0/1 # Set the maximum number of secure MAC addresses allowed on the port to 64.
- Page 14 Operation Manual – Port Security H3C S5500-EI Series Ethernet Switches Chapter 1 Port Security Configuration You can also use the above command repeatedly to track the number of MAC addresses learned by the port, or use the display this command in Ethernet port view to display the secure MAC addresses learned, as shown below: <Switch>...
-
Page 15: Port Security Configuration For Userloginwithoui Mode
Operation Manual – Port Security H3C S5500-EI Series Ethernet Switches Chapter 1 Port Security Configuration Now, if you manually delete several secure MAC addresses, the port security mode of the port will be restored to autoLearn, and the port will be able to learn MAC addresses again. - Page 16 Operation Manual – Port Security H3C S5500-EI Series Ethernet Switches Chapter 1 Port Security Configuration # Set the IP addresses of the primary authentication and accounting servers to 192.168.1.1 and 192.168.1.2 respectively. [Switch-radius-radsun] primary authentication 192.168.1.1 [Switch-radius-radsun] primary accounting 192.168.1.2 # Set the IP addresses of the secondary authentication and accounting servers to 192.168.1.2 and 192.168.1.1 respectively.
- Page 17 Operation Manual – Port Security H3C S5500-EI Series Ethernet Switches Chapter 1 Port Security Configuration [Switch] port-security oui 1234-0100-1111 index 1 [Switch] port-security oui 1234-0200-1111 index 2 [Switch] port-security oui 1234-0300-1111 index 3 [Switch] port-security oui 1234-0400-1111 index 4 [Switch] port-security oui 1234-0500-1111 index 5 [Switch] interface gigabitethernet 1/0/1 # Set the port security mode to userLoginWithOUI.
- Page 18 Operation Manual – Port Security H3C S5500-EI Series Ethernet Switches Chapter 1 Port Security Configuration Idle-cut = Disable Self-service = Disable Use the following command to view the port security configuration information: <Switch> display port-security interface gigabitethernet 1/0/1 Equipment port-security is enabled...
-
Page 19: Port Security Configuration For Macaddresselseuserloginsecure Mode
Operation Manual – Port Security H3C S5500-EI Series Ethernet Switches Chapter 1 Port Security Configuration The port is an authenticator Authentication Mode is Auto Port Control Type is Mac-based 802.1X Multicast-trigger is enabled Guest VLAN: 0 Max number of on-line users is 256... - Page 20 Operation Manual – Port Security H3C S5500-EI Series Ethernet Switches Chapter 1 Port Security Configuration Enable NTK to prevent frames from being sent to unknown MAC addresses. II. Network diagram Figure 1-2. III. Configuration procedure Note: Configurations on the host and RADIUS servers are omitted.
- Page 21 Operation Manual – Port Security H3C S5500-EI Series Ethernet Switches Chapter 1 Port Security Configuration OUI value: GigabitEthernet1/0/1 is link-up Port mode is macAddressElseUserLoginSecure NeedToKnow mode is NeedToKnowOnly Intrusion Protection mode is NoAction Max MAC address number is 64 Stored MAC address number is 0...
-
Page 22: Troubleshooting Port Security
Operation Manual – Port Security H3C S5500-EI Series Ethernet Switches Chapter 1 Port Security Configuration Quiet Period 60 s, Quiet Period Timer is disabled Supp Timeout 30 s, Server Timeout 100 s The maximal retransmitting times EAD quick deploy configuration:... -
Page 23: Cannot Configure Secure Mac Addresses
Operation Manual – Port Security H3C S5500-EI Series Ethernet Switches Chapter 1 Port Security Configuration Error:When we change port-mode, we should first change it to noRestrictions, then change it to the other. II. Analysis For a port working in a port security mode other than noRestrictions, you cannot change the port security mode by using the port-security port-mode command directly. - Page 24 Operation Manual – Port Security H3C S5500-EI Series Ethernet Switches Chapter 1 Port Security Configuration Error:Cannot configure port-security for there is 802.1X user(s) on line on port GigabitEthernet1/0/1. II. Analysis Changing port security mode is not allowed when an 802.1x-authenticated or MAC authenticated user is online.
Need help?
Do you have a question about the S5500-EI Series and is the answer not in the manual?
Questions and answers