Port Security Configuration Example - H3C S5100-SI Series Operation Manual

Operation Manual – Port Security-Port Binding
H3C S5100-SI/EI Series Ethernet Switches

1.4 Port Security Configuration Example

1.4.1 Port Security Configuration Example
I. Network requirements
Implement access user restrictions through the following configuration on
GigabitEthernet 1/0/1 of the switch.
Allow a maximum of 80 users to access the port without authentication and permit
the port to learn and add the MAC addresses of the users as security MAC
addresses.
To ensure that Host can access the network, add the MAC address
0001-0002-0003 of Host as a security MAC address to the port in VLAN 1.
After the number of security MAC addresses reaches 80, the port stops learning
MAC addresses. If any frame with an unknown MAC address arrives, intrusion
protection is triggered and the port will be disabled and stay silent for 30 seconds.
II. Network diagram
Figure 1-1 Network diagram for port security configuration
III. Configuration procedure
# Enter system view.
<Switch> system-view
# Enable port security.
[Switch] port-security enable
# Enter GigabitEthernet1/0/1 port view.
[Switch] interface GigabitEthernet 1/0/1
# Set the maximum number of MAC addresses allowed on the port to 80.
[Switch-GigabitEthernet1/0/1] port-security max-mac-count 80
# Set the port security mode to autolearn.
[Switch-GigabitEthernet1/0/1] port-security port-mode autolearn
# Add the MAC address 0001-0002-0003 of Host as a security MAC address to the port
in VLAN 1.
[Switch-GigabitEthernet1/0/1] mac-address security 0001-0002-0003 vlan 1
# Configure the port to be silent for 30 seconds after intrusion protection is triggered.
Chapter 1 Port Security Configuration
1-12