202
C
25: P
HAPTER
ORT
Port Security
Configuration
Enabling Port Security
Setting the Maximum
Number of MAC
Addresses Allowed on a
S
C
ECURITY
ONFIGURATION
Table 130 Port security configuration tasks
Task
"Enabling Port Security" on page 202
"Setting the Maximum Number of MAC Addresses Allowed
on a Port" on page 202
"Setting the Port Security Mode" on page 203
"Configuring Port Security
Features" on page 204
"Ignoring the Authorization Information from the RADIUS
Server" on page 204
"Configuring Security MAC Addresses" on page 205
Table 131 Enable port security
Operation
Enter system view
Enable port security
c
CAUTION: Enabling port security resets the following configurations on the ports
to the defaults (shown in parentheses below)
802.1x (disabled), port access control method (macbased), and port access
■
control mode (auto)
MAC authentication (disabled)
■
In addition, you cannot perform the above-mentioned configurations manually
because these configurations change with the port security mode automatically.
n
For details about 802.1x configuration, refer to "802.1x Configuration" on
■
page 389.
For details about MAC authentication configuration, refer to "Centralized MAC
■
Address Authentication Configuration" on page 233.
Port security allows more than one user to be authenticated on a port. The
number of authenticated users allowed, however, cannot exceed the configured
upper limit.
Port
By setting the maximum number of MAC addresses allowed on a port, you can
Control the maximum number of users who are allowed to access the network
■
through the port
Control the number of Security MAC addresses that can be added with port
■
security
"Configuring the NTK feature"
on page 204
"Configuring intrusion
protection" on page 204
"Configuring the Trap feature"
on page 204
Command
system-view
port-security enable
Remarks
Required
Optional
Required
Optional
Choose one or more features as
required.
Optional
Optional
Remarks
-
Required
Disabled by default