1170 CHAPTER 91: PORT SECURITY CONFIGURATION
<Switch> system-view
[Switch] port-security enable
# Enable intrusion protection trap.
[Switch] port-security trap intrusion
[Switch] interface gigabitethernet 1/0/1
# Set the maximum number of secure MAC addresses allowed on the port to 64.
[Switch-GigabitEthernet1/0/1] port-security max-mac-count 64
# Set the port security mode to autoLearn.
[Switch-GigabitEthernet1/0/1] port-security port-mode autolearn
# Configure the port to be silent for 30 seconds after the intrusion protection
feature is triggered.
[Switch-GigabitEthernet1/0/1] port-security intrusion-mode disablepo
rt-temporarily
[Switch-GigabitEthernet1/0/1] quit
[Switch] port-security timer disableport 30
2 Verify the configuration
After completing the above configurations, you can use the following command
to view the port security configuration information:
<Switch> display port-security interface gigabitethernet 1/0/1
Equipment port-security is enabled
Intrusion trap is enabled
Disableport Timeout: 30s
OUI value:
GigabitEthernet1/0/1 is link-up
Port mode is autoLearn
NeedToKnow mode is disabled
Intrusion Protection mode is DisablePortTemporarily
Max MAC address number is 64
Stored MAC address number is 0
Authorization is permitted
As shown in the output, the maximum number of secure MAC addresses allowed
on the port is 64, the port security mode is autoLearn, the intrusion protection
trap is enabled, and the intrusion protection action is to keep the port temporarily
(DisablePortTemporarily) for 30 seconds.
You can also use the above command repeatedly to track the number of MAC
addresses learned by the port, or use the display this command in Ethernet port
view to display the secure MAC addresses learned, as shown below:
<Switch> system-view
[Switch] interface gigabitethernet 1/0/1
[Switch-GigabitEthernet1/0/1] display this
#
interface GigabitEthernet1/0/1
To Next Page
Loading...
