181
Displaying and maintaining port security
To do… Use the command… Remarks
Display port security configuration
information, operation
information, and statistics about
one or more ports or all ports
display port-security [ interface
interface-list ] [ | { begin | exclude
| include } regular-expression ]
Available in any view
Display information about secure
MAC addresses
display port-security mac-address
security [ interface interface-type
interface-number ] [ vlan vlan-id ]
[ count ] [ | { begin | exclude |
include } regular-expression ]
Available in any view
Display information about blocked
MAC addresses
display port-security mac-address
block [ interface interface-type
interface-number ] [ vlan vlan-id ]
[ count ] [ | { begin | exclude |
include } regular-expression ]
Available in any view
Port security configuration examples
Configuring the autoLearn mode
Network requirements
Restrict port GigabitEthernet 1/0/1 of the switch:
• Allow up to 64 users to access the port without authentication and permit the port to learn and add
the MAC addresses of the users as secure MAC addresses.
• After the number of secure MAC addresses reaches 64, the port stops learning MAC addresses. If
any frame with an unknown MAC address arrives, intrusion protection is triggered and the port is
disabled and stays silent for 30 seconds.
Figure 69 Network diagram for configuring the autoLearn mode
Configuration procedure
1. Configure port security
# Enable port security.
<Switch> system-view
[Switch] port-security enable
# Enable port security traps for intrusion protection.
[Switch] port-security trap intrusion
[Switch] interface gigabitethernet 1/0/1
# Set the maximum number of secure MAC addresses allowed on the port to 64.
To Next Page
Loading...
