135
Configuration prerequisites
• Enable port security.
• Set port security's limit on the number of MAC addresses on the port. Perform this task before
you enable autoLearn mode.
• Set the port security mode to autoLearn.
Configuration procedure
To configure a secure MAC address:
Step Command Remarks
1. Enter system view.
system-view
N/A
2. Set the secure MAC
aging timer.
port-security timer autolearn aging
time-value
Optional.
By default, secure MAC
addresses do note age out, and
you can remove them only by
performing the
undo
port-security mac-address
security
command, changing the
port security mode, or disabling
the port security feature.
3. Configure a secure
MAC address.
• In system view:
port-security mac-address
security [sticky] mac-address
interface interface-type
interface-number vlan vlan-id
• In interface view:
a. interface interface-type
interface-number
b. port-security mac-address
security [ sticky ]
mac-address vlan vlan-id
c. quit
Use either method.
No secure MAC address exists by
default.
4. Enter Layer 2 Ethernet
port view.
interface
interface-type
interface-number
N/A
5. Enable inactivity
aging.
port-security mac-address
aging-type inactivity
Optional.
By default, the inactivity aging
function is disabled.
6. Enable the dynamic
secure MAC function.
port-security mac-address dynamic
Optional.
By default, sticky MAC addresses
can be saved to the configuration
file, and once saved, can survive
a device reboot.
Configuring port security for WLAN ports
Table 11 describes the key negotiation and PSK requirements for different port security modes on
WLAN ports.
To Next Page
Loading...
Need help?
General
