Setting the port security mode
After enabling port security, you can change the port security mode of a port only when the port is
operating in noRestrictions (the default) mode. To change the port security mode for a port in any other
mode, first use the undo port-security port-mode command to restore the default port security mode.
You can specify a port security mode when port security is disabled, but your configuration cannot take
effect.
You cannot change the port security mode of a port when online users are present.
Configuration prerequisites
Before you set a port security mode for a port, complete the following tasks:
Disable 802.1X and MAC authentication.
•
Verify that the port does not belong to any aggregation group.
•
If you are configuring the autoLearn mode, set port security's limit on the number of MAC addresses.
•
You cannot change the setting when the port is operating in autoLearn mode.
Configuration procedure
To enable a port security mode:
Step
1.
Enter system view.
2.
Set an OUI value for
user authentication.
3.
Enter Layer 2 Ethernet
interface view.
4.
Set the port security
mode.
Command
system-view
port-security oui oui-value index
index-value
interface interface-type
interface-number
port-security port-mode { autolearn |
mac-authentication |
mac-else-userlogin-secure |
mac-else-userlogin-secure-ext | secure
| userlogin | userlogin-secure |
userlogin-secure-ext |
userlogin-secure-or-mac |
userlogin-secure-or-mac-ext |
userlogin-withoui }
157
Remarks
N/A
Required for the userlogin-withoui
mode.
Not configured by default.
To set multiple OUI values, repeat this
step.
N/A
By default, a port operates in
noRestrictions mode.