H3C S5500-EI series Operation Manual page 1442
Hide thumbs
Also See for S5500-EI series:
- Configuration manual (490 pages) ,
- Security configuration manual (448 pages) ,
- Operation manual (216 pages)
Table of Contents
Advertisement
Operation Manual – Port Security
H3C S5500-EI Series Ethernet Switches
Enable NTK to prevent frames from being sent to unknown MAC addresses.
II. Network diagram
See
Figure
III. Configuration procedure
Note:
Configurations on the host and RADIUS servers are omitted.
1)
Configure the RADIUS protocol
The required RADIUS authentication/accounting configurations are the same as those
in
Port Security Configuration for userLoginWithOUI
2)
Configure port security
# Enable port security.
<Switch> system-view
[Switch] port-security enable
# Configure a MAC authentication user, setting the user name and password to aaa
and 123456 respectively.
[Switch] mac-authentication user-name-format fixed account aaa password
simple 123456
[Switch] interface gigabitethernet 1/0/1
# Set the maximum number of secure MAC addresses allowed on the port to 64.
[Switch-GigabitEthernet1/0/1] port-security max-mac-count 64
# Set the port security mode to macAddressElseUserLoginSecure.
[Switch-GigabitEthernet1/0/1]
mac-else-userlogin-secure
# Set the NTK mode of the port to ntkonly.
[Switch-GigabitEthernet1/0/1] port-security ntk-mode ntkonly
3)
Verify the configuration
After completing the above configurations, you can use the following command to view
the port security configuration information:
<Switch> display port-security interface gigabitethernet 1/0/1
Equipment port-security is enabled
Trap is disabled
Disableport Timeout: 20s
1-2.
Chapter 1 Port Security Configuration
Mode.
port-security
1-19
port-mode
Advertisement
Chapters
Table of Contents
Troubleshooting
