R211x-HP Flexfabric 11900 Security Configuration Guide
98
<Device> system-view
[Device] port-security enable
# Set the secure MAC aging timer to 30 minutes.
[Device] port-security timer autolearn aging 30
# Set port security's limit on the number of secure MAC addresses to 64 on port Ten-GigabitEthernet
1/0/1.
[Device] interface ten-gigabitethernet 1/0/1
[Device-Ten-GigabitEthernet1/0/1] port-security max-mac-count 64
# Set the port security mode to autoLearn.
[Device-Ten-GigabitEthernet1/0/1] port-security port-mode autolearn
# Configure the port to be silent for 30 seconds after the intrusion protection feature is triggered.
[Device-Ten-GigabitEthernet1/0/1] port-security intrusion-mode disableport-temporarily
[Device-Ten-GigabitEthernet1/0/1] quit
[Device] port-security timer disableport 30
Verifying the configuration
# Display the port security configuration.
[Device] display port-security interface ten-gigabitethernet 1/0/1
Port security is enabled globally
AutoLearn aging time is 30 minutes
Disableport Timeout: 30s
OUI value:
Ten-GigabitEthernet1/0/1 is link-up
Port mode: autoLearn
NeedToKnow mode: Disabled
Intrusion protection mode: DisablePortTemporarily
Max number of secure MAC addresses: 64
Current number of secure MAC addresses: 5
Authorization is permitted
The output shows the following:
• The port security's limit on the number of secure MAC addresses on the port is 64.
• The port security mode is autoLearn.
• The intrusion protection action is disabling the port (DisablePortTemporarily) for 30 seconds.
The port allows for MAC address learning, and you can view the number of learned MAC addresses in
the Current number of secure MAC addresses field.
# Use the display this command in Layer 2 Ethernet interface view to display additional information
about the learned MAC addresses.
[Device] interface ten-gigabitethernet 1/0/1
[Device-Ten-GigabitEthernet1/0/1] display this
#
interface Ten-GigabitEthernet1/0/1
port-security max-mac-count 64
port-security port-mode autolearn
port-security mac-address security sticky 0002-0000-0015 vlan 1
port-security mac-address security sticky 0002-0000-0014 vlan 1