R2511-HP MSR Router Series Security Command Reference(V5)
168
To enable port security on a port, use the port-security enable command, and to set the port in autoLearn
mode, use the port-security port-mode autolearn command.
When the dynamic secure MAC function is enabled (using the port-security mac-address dynamic
command), you cannot manually configure sticky MAC addresses.
Examples
# Enable port security, set port GigabitEthernet 1/1 in autoLearn mode, and add a static secure MAC
address 0001-0001-0002 in VLAN 10.
<Sysname> system-view
[Sysname] port-security enable
[Sysname] interface gigabitethernet 1/1
[Sysname-GigabitEthernet1/1] port-security max-mac-count 100
[Sysname-GigabitEthernet1/1] port-security port-mode autolearn
[Sysname-GigabitEthernet1/1] quit
[Sysname] port-security mac-address security 0001-0001-0002 interface gigabitethernet 1/1
vlan 10
# Enable port security, set port GigabitEthernet 1/1 in autoLearn mode, and add a static secure MAC
address 0001-0002-0003 in VLAN 4 in interface view.
<Sysname> system-view
[Sysname] port-security enable
[Sysname] interface gigabitethernet 1/1
[Sysname-GigabitEthernet1/1] port-security max-mac-count 100
[Sysname-GigabitEthernet1/1] port-security port-mode autolearn
[Sysname-GigabitEthernet1/1] port-security mac-address security 0001-0002-0003 vlan 4
Related commands
• display port-security
• port-security timer autolearn aging
port-security max-mac-count
Use port-security max-mac-count to set the maximum number of MAC addresses that port security allows
on a port.
Use undo port-security max-mac-count to restore the default setting.
Syntax
port-security max-mac-count count-value
undo port-security max-mac-count
Default
Port security has no limit on the number of MAC addresses on a port.
Views
Ethernet interface view, WLAN-Ethernet interface view, WLAN-BSS interface view
Default command level
2: System level