Table of Contents
Advertisement
Step
1.
Enter system view.
2.
Enable the
authorization-fail-offline
feature.
Displaying and maintaining port security
Execute display commands in any view:
Task
Display the port security configuration,
operation information, and statistics.
Display information about secure MAC
addresses.
Display information about blocked MAC
addresses.
Port security configuration examples
autoLearn configuration example
Network requirements
As shown in
requirements:
•
Accept up to 64 users without authentication.
•
Be permitted to learn and add MAC addresses as sticky MAC addresses, and set the secure
MAC aging timer to 30 minutes.
•
Stop learning MAC addresses after the number of secure MAC addresses reaches 64. If any
frame with an unknown MAC address arrives, intrusion protection starts, and the port shuts
down and stays silent for 30 seconds.
Figure 71 Network diagram
Configuration procedure
# Enable port security.
<Device> system-view
[Device] port-security enable
Command
system-view
port-security authorization-fail
offline
Figure
71, configure port FortyGigE 1/1/1 on the device to meet the following
Command
display port-security [ interface interface-type
interface-number ]
display port-security mac-address security [ interface
interface-type interface-number ] [ vlan vlan-id ] [ count ]
display port-security mac-address block [ interface
interface-type interface-number ] [ vlan vlan-id ] [ count ]
195
Remarks
N/A
By default, this feature is disabled,
and the device does not log off
users who fail ACL or user profile
authorization.
Advertisement
Table of Contents
Troubleshooting
