1-17
Description
Use the port-security port-mode command to set the security mode of the port.
Use the undo port-security port-mode command to restore the default mode.
By default, the port is in the noRestriction mode, namely access to the port is not restricted.
z Before setting the security mode to autolearn, you need to use the port-security max-mac-count
command to configure the maximum number of MAC addresses allowed on the port.
z When a port operates in the autolearn mode, you cannot change the maximum number of MAC
addresses allowed on the port.
z After setting the security mode to autolearn, you cannot configure static or blackhole MAC
addresses on the port.
z When the port security mode is not noRestriction, you need to use the undo port-security
port-mode command to change it back to noRestriction before you change the port security
mode to other modes.
On a port configured with a security mode, you cannot do the following:
z Configure the maximum number of MAC addresses that can be learned.
z Configure the port as a reflector port for port mirroring.
z Configure link aggregation.
Related commands: display port-security.
Examples
# Set the security mode of Ethernet 1/0/1 on the switch to userLogin.
<Sysname> system-view
System View: return to User View with Ctrl+Z.
[Sysname] port-security enable
[Sysname] interface Ethernet 1/0/1
[Sysname-Ethernet1/0/1] port-security port-mode userlogin
port-security timer autolearn
Syntax
port-security timer autolearn age
undo port-security timer autolearn
View
System view
Parameters
age: Aging time of the security MAC address entries, in the range 1 to 30240 minutes.
To Next Page
Loading...
