To Next Page

To Previous Page

219

Usage guidelines

Secure MAC addresses are MAC addresses configured or learned in autoLearn mode, and if saved,

can survive a device reboot. You can bind a secure MAC address only to one port in a VLAN.

You can add important or frequently used MAC addresses as sticky or static secure MAC addresses

to avoid the secure MAC address limit causing authentication failure. To successfully add secure

MAC addresses on a port, first complete the following tasks:

• Enable port security on the port.

• Set the port security mode to autoLearn.

• Configure the port to permit packets of the specified VLAN to pass or add the port to the VLAN.

Make sure the VLAN already exists.

Sticky MAC addresses can be manually configured or automatically learned in autoLearn mode.

Sticky MAC addresses do not age out by default. You can use the port-security timer autolearn

aging command to set an aging timer for the sticky MAC addresses. When the timer expires, the

sticky MAC addresses are removed.

Static secure MAC addresses never age out unless you perform the following operations:

• Remove these MAC addresses by using the undo port-security mac-address security

command.

• Change the port security mode.

• Disable the port security feature.

You cannot change the type of a secure address entry that has been added or add two entries that

are identical except for their entry type. For example, you cannot add the port-security

mac-address security sticky 1-1-1 vlan 10 entry when a port-security mac-address security

1-1-1 vlan 10 entry exists. To add the new entry, you must delete the old entry.

Examples

# Enable port security, set GigabitEthernet 1/0/1 to operate in autoLearn mode, and configure the

port to support a maximum number of 100 secure MAC addresses.

<Sysname> system-view

[Sysname] port-security enable

[Sysname] interface gigabitethernet 1/0/1

[Sysname-GigabitEthernet1/0/1] port-security max-mac-count 100

[Sysname-GigabitEthernet1/0/1] port-security port-mode autolearn

# Specify MAC address 0001-0002-0003 in VLAN 4 as a sticky MAC address.

[Sysname-GigabitEthernet1/0/1] port-security mac-address security sticky 0001-0002-0003

vlan 4

[Sysname-GigabitEthernet1/0/1] quit

# In system view, specify MAC address 0001-0001-0002 in VLAN 10 as a secure MAC address for

GigabitEthernet 1/0/1.

[Sysname] port-security mac-address security 0001-0001-0002 interface gigabitethernet

1/0/1 vlan 10

Related commands

display port-security

port-security timer autolearn aging

port-security mac-move permit

Use port-security mac-move permit to enable MAC move on the device.

Use undo port-security mac-move permit to disable MAC move on the device.

Other manuals for H3C MSR Series

Manual33 pages

Probe Command Reference28 pages

Configuration Guide80 pages

Troubleshooting Guide28 pages

User Guide26 pages

Questions and Answers:

Need help?

Do you have a question about the H3C MSR Series and is the answer not in the manual?

H3C MSR Series Specifications

General

Category	Network Router
IPv6 Support	Yes
Dimensions	Varies by model
Weight	Varies by model
Product Type	Modular Router
Ports	Varies by model
WAN Interfaces	Varies by model
Firewall	Yes
QoS	Yes
Wireless Support	Varies by model
USB Ports	Varies by model
Console Port	Yes
Power Supply	Varies by model
Redundancy	Varies by model
Operating Temperature	0°C to 45°C
Storage Temperature	-40°C to 70°C
Humidity	5% to 95% non-condensing
Series	MSR
Certifications	CE, FCC, RoHS