H3C S5500-EI series Operation Manual page 1435

Operation Manual – Port Security
H3C S5500-EI Series Ethernet Switches
III. Configuration procedure
1) Configure port security
# Enable port security.
<Switch> system-view
[Switch] port-security enable
# Enable intrusion protection trap.
[Switch] port-security trap intrusion
[Switch] interface gigabitethernet 1/0/1
# Set the maximum number of secure MAC addresses allowed on the port to 64.
[Switch-GigabitEthernet1/0/1] port-security max-mac-count 64
# Set the port security mode to autoLearn.
[Switch-GigabitEthernet1/0/1] port-security port-mode autolearn
# Configure the port to be silent for 30 seconds after the intrusion protection feature is
triggered.
[Switch-GigabitEthernet1/0/1]
disableport-temporarily
[Switch-GigabitEthernet1/0/1] quit
[Switch] port-security timer disableport 30
2) Verify the configuration
After completing the above configurations, you can use the following command to view
the port security configuration information:
<Switch> display port-security interface gigabitethernet 1/0/1
Equipment port-security is enabled
Intrusion trap is enabled
Disableport Timeout: 30s
OUI value:
GigabitEthernet1/0/1 is link-up
Port mode is autoLearn
NeedToKnow mode is disabled
Intrusion Protection mode is DisablePortTemporarily
Max MAC address number is 64
Stored MAC address number is 0
Authorization is permitted
As shown in the output, the maximum number of secure MAC addresses allowed on
the port is 64, the port security mode is autoLearn, the intrusion protection trap is
enabled, and the intrusion protection action is to keep the port temporarily
(DisablePortTemporarily) for 30 seconds.
Chapter 1 Port Security Configuration
port-security
1-12
intrusion-mode