Port security configuration examples
Configuring the autoLearn mode
Network requirements
See Figure 40. Configure port GigabitEthernet 1/0/1 on the Device, as follows:
• Accept up to 64 users on the port without authentication.
• Permit the port to learn and add MAC addresses as sticky MAC addresses, and set the sticky MAC aging timer to 30 minutes.
• After the number of secure MAC addresses reaches 64, the port stops learning MAC addresses. If any frame with an unknown MAC address arrives, intrusion protection starts, and the port shuts down and stays silent for 30 seconds.
Figure 40 Network diagram
Configuration procedure
# Enable port security.
<Device> system-view
[Device] port-security enable
# Set the secure MAC aging timer to 30 minutes.
[Device] port-security timer autolearn aging 30
# Enable intrusion protection traps on port GigabitEthernet 1/0/1.
[Device] port-security trap intrusion
[Device] interface gigabitethernet 1/0/1
# Set port security's limit on the number of MAC addresses to 64 on the port.
[Device-GigabitEthernet1/0/1] port-security max-mac-count 64
# Set the port security mode to autoLearn.
[Device-GigabitEthernet1/0/1] port-security port-mode autolearn
# Configure the port to be silent for 30 seconds after the intrusion protection feature is triggered.
[Device-GigabitEthernet1/0/1] port-security intrusion-mode disableport-temporarily
[Device-GigabitEthernet1/0/1] quit
[Device] port-security timer disableport 30
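The following audit script is an added example, not part of the original guide or the vendor's tooling. It checks a captured CLI transcript against the requirements above and reports any command that is missing or was entered in the wrong view. The function names, the REQUIRED table, and the assumption that the device name contains no hyphen are hypothetical.

```python
import re

# Constructed sample: the command transcript from the procedure above.
TRANSCRIPT = """\
<Device> system-view
[Device] port-security enable
[Device] port-security timer autolearn aging 30
[Device] port-security trap intrusion
[Device] interface gigabitethernet 1/0/1
[Device-GigabitEthernet1/0/1] port-security max-mac-count 64
[Device-GigabitEthernet1/0/1] port-security port-mode autolearn
[Device-GigabitEthernet1/0/1] port-security intrusion-mode disableport-temporarily
[Device-GigabitEthernet1/0/1] quit
[Device] port-security timer disableport 30
"""

# (view, command) pairs derived from "Network requirements" and the procedure.
REQUIRED = [
    ("system", "port-security enable"),
    ("system", "port-security timer autolearn aging 30"),
    ("system", "port-security trap intrusion"),
    ("system", "port-security timer disableport 30"),
    ("GigabitEthernet1/0/1", "port-security max-mac-count 64"),
    ("GigabitEthernet1/0/1", "port-security port-mode autolearn"),
    ("GigabitEthernet1/0/1", "port-security intrusion-mode disableport-temporarily"),
]

# "[Device] cmd" is system view; "[Device-<interface>] cmd" is interface view.
# Assumption: the device name itself contains no hyphen.
PROMPT = re.compile(r"^\[[^\]-]+(?:-(?P<view>[^\]]+))?\]\s+(?P<cmd>.+)$")

def parse(transcript):
    """Return the set of (view, command) pairs typed at [Device...] prompts."""
    seen = set()
    for line in transcript.splitlines():
        m = PROMPT.match(line.strip())
        if m is None:  # "#" comments, <Device> user-view prompts, blank lines
            continue
        cmd = " ".join(m.group("cmd").split()).lower()
        seen.add((m.group("view") or "system", cmd))
    return seen

def audit(transcript, required=REQUIRED):
    """Return the required (view, command) pairs absent from the transcript."""
    seen = parse(transcript)
    return [item for item in required if item not in seen]

if __name__ == "__main__":
    print(audit(TRANSCRIPT) or "all required settings present")
```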
Verifying the configuration
# Display the port security configuration.
<Device> display port-security interface gigabitethernet 1/0/1
Equipment port-security is enabled
Intrusion trap is enabled
AutoLearn aging time is 30 minutes