HPE FlexNetwork HSR6800 Security Command Reference page 195

Usage guidelines
Secure MAC addresses are MAC addresses configured or learned in autoLearn mode. They can
survive link down/up events, and once saved, can survive a device reboot. You can bind a MAC
address to only one port in a VLAN.
When a port is operating in autoLearn mode, you can add important or frequently used MAC
addresses as sticky or static secure MAC addresses so that the secure MAC address limit does
not cause authentication failures for them.
Static secure MAC addresses never age out unless you remove them by using the undo
port-security mac-address security command, changing the port security mode, or disabling the
port security feature.
Sticky MAC addresses can be manually configured or automatically learned in autoLearn mode.
Sticky MAC addresses do not age out by default. You can use the port-security timer autolearn
aging command to set an aging timer for them. When the timer expires, the sticky MAC addresses
are removed.
You cannot change the type of a secure address entry that has been added or add two entries that
are identical except for their entry type. For example, you cannot add the port-security
mac-address security sticky 1-1-1 vlan 10 entry when a port-security mac-address security
1-1-1 vlan 10 entry exists. To add the new entry, you must delete the old entry.
To enable port security on a port, use the port-security enable command, and to set the port in
autoLearn mode, use the port-security port-mode autolearn command.
When the dynamic secure MAC function is enabled (using the port-security mac-address
dynamic command), you cannot manually configure sticky MAC addresses.
Examples
# Enable port security, set port GigabitEthernet 3/0/1 in autoLearn mode, and add a static secure MAC address 0001-0001-0002 in VLAN 10.
<Sysname> system-view
[Sysname] port-security enable
[Sysname] interface gigabitethernet 3/0/1
[Sysname-GigabitEthernet3/0/1] port-security max-mac-count 100
[Sysname-GigabitEthernet3/0/1] port-security port-mode autolearn
[Sysname-GigabitEthernet3/0/1] quit
[Sysname] port-security mac-address security 0001-0001-0002 interface gigabitethernet 3/0/1 vlan 10
# Enable port security, set port GigabitEthernet 3/0/1 in autoLearn mode, and add a static secure MAC address 0001-0002-0003 in VLAN 4 in interface view.
<Sysname> system-view
[Sysname] port-security enable
[Sysname] interface gigabitethernet 3/0/1
[Sysname-GigabitEthernet3/0/1] port-security max-mac-count 100
[Sysname-GigabitEthernet3/0/1] port-security port-mode autolearn
[Sysname-GigabitEthernet3/0/1] port-security mac-address security 0001-0002-0003 vlan 4
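An added pre-deployment check (not part of the HPE manual): it scans planned commands for the two conflicts the usage guidelines rule out, a MAC address bound to more than one port in a VLAN and a second entry that differs from an existing one only in type. The function names, the sample plan and port GigabitEthernet 3/0/2 are assumptions made for illustration, as is treating 1-1-1 as equal to 0001-0001-0001.

```python
import re

# Entry syntax as shown in this page's examples; "interface ..." appears only in system view.
ENTRY = re.compile(
    r"port-security mac-address security (?P<sticky>sticky )?"
    r"(?P<mac>[0-9a-f]+-[0-9a-f]+-[0-9a-f]+)"
    r"(?: interface (?P<port>\S+(?: \S+)?))? vlan (?P<vlan>\d+)", re.I)
IFACE = re.compile(r"interface (?P<port>\S+(?: \S+)?)", re.I)
PROMPT = re.compile(r"^(?:\[[^\]]*\]|<[^>]*>)\s*")

def norm_mac(mac):
    # Assumption: short groups are zero-padded, so 1-1-1 equals 0001-0001-0001.
    return "-".join(g.lower().zfill(4) for g in mac.split("-"))

def norm_port(port):
    return re.sub(r"\s+", "", port).lower()

def check_plan(lines):
    """Return (line_no, rule, detail) for entries the usage guidelines rule out."""
    findings, seen, current = [], {}, None
    for n, raw in enumerate(lines, 1):
        cmd = PROMPT.sub("", raw.strip())
        if cmd == "quit":
            current = None  # left interface view
        elif (m := IFACE.fullmatch(cmd)):
            current = norm_port(m["port"])
        elif (m := ENTRY.fullmatch(cmd)):
            port = norm_port(m["port"]) if m["port"] else current
            kind = "sticky" if m["sticky"] else "static"
            key = (norm_mac(m["mac"]), int(m["vlan"]))
            old_port, old_kind = seen.setdefault(key, (port, kind))
            if old_port != port:
                findings.append((n, "port-conflict", f"{key} already bound to {old_port}"))
            elif old_kind != kind:
                findings.append((n, "type-conflict", f"{key} exists as {old_kind}; delete it first"))
    return findings

# Constructed sample plan; GigabitEthernet 3/0/2 is a hypothetical second port.
SAMPLE = [
    "[Sysname] port-security mac-address security 1-1-1 interface gigabitethernet 3/0/1 vlan 10",
    "[Sysname] port-security mac-address security sticky 0001-0001-0001 interface gigabitethernet 3/0/1 vlan 10",
    "[Sysname] interface gigabitethernet 3/0/2",
    "[Sysname-GigabitEthernet3/0/2] port-security mac-address security 1-1-1 vlan 10",
    "[Sysname-GigabitEthernet3/0/2] port-security mac-address security 1-1-1 vlan 4",
]

if __name__ == "__main__":
    print(*check_plan(SAMPLE), sep="\n")
```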
Related commands
display port-security
port-security timer autolearn aging