• Type and number of the interface connected to computers of employees
• VLAN allowed by the interface
• Protective action taken when the number of learned MAC addresses exceeds the limit
• Maximum number of MAC addresses learned on the interface
Procedure
Step 1 Create a VLAN and set the link type of the interface to trunk.
<Huawei> system-view
[Huawei] vlan 10
[Huawei-vlan10] quit
[Huawei] interface ethernet 2/0/1
[Huawei-Ethernet2/0/1] port link-type trunk
[Huawei-Ethernet2/0/1] port trunk allow-pass vlan 10
Step 2 Configure the port security function.
# Enable the port security function.
[Huawei-Ethernet2/0/1] port-security enable
# Enable the sticky MAC function.
[Huawei-Ethernet2/0/1] port-security mac-address sticky
# Configure the protective action.
[Huawei-Ethernet2/0/1] port-security protect-action protect
# Set the maximum number of MAC addresses that can be learned on the interface.
[Huawei-Ethernet2/0/1] port-security max-mac-num 4
To enable the port security function on other interfaces, repeat the preceding steps.
Step 3 Verify the configuration.
If PC1 is replaced by another PC, this replacement PC cannot access the company intranet.
----End
Configuration Files
Configuration file of the Router
#
vlan batch 10
#
interface Ethernet2/0/1
 port link-type trunk
 port trunk allow-pass vlan 10
 port-security enable
 port-security protect-action protect
 port-security mac-address sticky
 port-security max-mac-num 4
#
return
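The procedure says to repeat the port security steps on other interfaces, so a saved configuration file can be checked for interfaces where a step was missed. The following is an added example, not part of the Huawei guide: the function names, the second interface in the sample, and the max_allowed limit are assumptions made for illustration.

```python
import re

# Constructed sample: the first stanza is the interface stanza from this page,
# the second is a hypothetical interface where port security was left incomplete.
SAMPLE_CONFIG = """\
#
interface Ethernet2/0/1
 port link-type trunk
 port trunk allow-pass vlan 10
 port-security enable
 port-security protect-action protect
 port-security mac-address sticky
 port-security max-mac-num 4
#
interface Ethernet2/0/2
 port-security enable
#
return
"""

def parse_interfaces(config):
    """Return {interface name: [stanza lines]}; stanzas are separated by '#'."""
    interfaces, current = {}, None
    for raw in config.splitlines():
        line = raw.strip()
        if line.startswith("interface "):
            current = line.split(None, 1)[1]
            interfaces[current] = []
        elif line in ("#", "return", ""):
            current = None
        elif current is not None:
            interfaces[current].append(line)
    return interfaces

def audit_port_security(config, max_allowed=4):
    """Return {interface: [findings]}; an empty list means nothing is missing."""
    report = {}
    for name, lines in parse_interfaces(config).items():
        findings = []
        for needed in ("port-security enable", "port-security mac-address sticky"):
            if needed not in lines:
                findings.append(f"missing: {needed}")
        if not any(l.startswith("port-security protect-action ") for l in lines):
            findings.append("protective action not set explicitly")
        m = re.search(r"^port-security max-mac-num (\d+)$", "\n".join(lines), re.M)
        if m is None:
            findings.append("max-mac-num not set explicitly")
        elif int(m.group(1)) > max_allowed:
            findings.append(f"max-mac-num {m.group(1)} exceeds {max_allowed}")
        report[name] = findings
    return report
```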
6.9.3 Example for Configuring MAC Address Limiting Rules on Interfaces
Huawei AR3200 Series Enterprise Routers
Configuration Guide - LAN 6 MAC Address Table Configuration
Issue 02 (2012-03-30) Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.