Ten-GigabitEthernet1/1/5 is link-up
Port mode: autoLearn
NeedToKnow mode: Disabled
Intrusion protection mode: DisablePortTemporarily
Max number of secure MAC addresses: 64
Current number of secure MAC addresses: 5
Authorization is permitted
The output shows that the port security's limit on the number of secure MAC addresses on the port is 64,
the port security mode is autoLearn, and the intrusion protection action is disabling the port
(DisablePortTemporarily) for 30 seconds.
After the configuration takes effect, the port allows for MAC address learning, and you can view the
number of learned MAC addresses in the Current number of secure MAC addresses field. To view more
information about the learned MAC addresses, use the display this command in interface view.
[Device] interface ten-gigabitethernet 1/1/5
[Device-Ten-GigabitEthernet1/1/5] display this
port-security max-mac-count 64
port-security port-mode autolearn
port-security mac-address security sticky 0002-0000-0015 vlan 1
port-security mac-address security sticky 0002-0000-0014 vlan 1
port-security mac-address security sticky 0002-0000-0013 vlan 1
port-security mac-address security sticky 0002-0000-0012 vlan 1
port-security mac-address security sticky 0002-0000-0011 vlan 1
Execute the display port-security interface command after the number of MAC addresses learned by the
port reaches 64. You can see that the port security mode has changed to secure.
When any frame with a new MAC address arrives, intrusion protection is triggered and you see the port
has been disabled. The port should be re-enabled 30 seconds later.
After the port is re-enabled, delete several secure MAC addresses. You can see that the port security
mode of the port changes to autoLearn, and the port can learn MAC addresses again.
userLoginWithOUI configuration example
As shown in
device authenticates the client with a RADIUS server. If the authentication succeeds, the client is
authorized to access the Internet.
The RADIUS server at 192.168.1.2 functions as the primary authentication server and the secondary
accounting server, and the RADIUS server at 192.168.1.3 functions as the secondary authentication
server and the primary accounting server. The shared key for authentication is name, and that for
accounting is money.
All users use the authentication, authorization, and accounting methods of ISP domain sun.
36, a client is connected to the device through port Ten-GigabitEthernet 1/1/5. The