Enabling Port Security
Follow these steps to enable port security:
To do...
Enter system view
Enable port security
Enabling port security resets the following configurations on the ports to the defaults (shown in
parentheses below):
802.1x (disabled), port access control method (macbased), and port access control mode (auto)
MAC authentication (disabled)
In addition, you cannot perform the above-mentioned configurations manually because these
configurations change with the port security mode automatically.
For details about 802.1x configuration, refer to the sections covering 802.1x and System-Guard.
For details about MAC authentication configuration, refer to the sections covering MAC
authentication configuration.
Setting the Maximum Number of MAC Addresses Allowed on a Port
Port security allows more than one user to be authenticated on a port. The number of authenticated
users allowed, however, cannot exceed the configured upper limit.
By setting the maximum number of MAC addresses allowed on a port, you can
Control the maximum number of users who are allowed to access the network through the port
Control the number of Security MAC addresses that can be added with port security
This configuration is different from that of the maximum number of MAC addresses that can be leaned
by a port in MAC address management.
Follow these steps to set the maximum number of MAC addresses allowed on a port:
To do...
Enter system view
Enter Ethernet port view
Set the maximum number of
MAC addresses allowed on the
port
Use the command...
system-view
port-security enable
Use the command...
system-view
interface interface-type
interface-number
port-security max-mac-count
count-value
1-5
Remarks
—
Required
Disabled by default
Remarks
—
—
Required
Not limited by default