Operation Manual – Port Security-Port Binding
H3C S3600 Series Ethernet Switches-Release 1510 Chapter 1
Port Security Configuration
1-5
Operation Command Description
Set the time during
which a port is
temporarily
disabled
port-security timer
disableport timer
Optional
By default, it is 20 seconds.
Note:
After the port-security intrusion-mode disableport-temporarily command is
executed on a port, the time set by the port-security timer disableport timer
command determines how long the port can be temporarily disabled.
To avoid confliction, the following restrictions on the 802.1x authentication and MAC
address authentication will be taken after port security is enabled:
1) The access control mode (set by the dot1x port-control command) automatically
changes to auto.
2) The dot1x, dot1x port-method, dot1x port-control, and mac-authentication
commands cannot be used.
Note:
z For details about 802.1x authentication, refer to the 802.1x part of S3600 S3600
Series Ethernet Switches Operation Manual.
z You cannot add a port configured with port security to a link aggregation group.
z You cannot configure the port-security port-mode mode command on a port if the
port is in a link aggregation group.
1.2.2 Configuring Security MAC Addresses
Security MAC addresses are special type of MAC addresses. They are similar to static
MAC addresses. One security MAC address can only be added to one port in the same
VLAN. So you can bind a MAC address to one port in the same VLAN.
Security MAC addresses can be learned by the auto-learn function of port security. In
addition, you can manually configure them through CLI or MIB.
Before adding security MAC addresses to a port, you must configure the port security
mode to autolearn. After this configuration, the port changes its way to learn MAC
addresses.
z The port deletes original dynamic MAC addresses;
To Next Page
Loading...
Need help?
General