R2511-HP MSR Router Series Security Command Reference(V5)
171
example, when a company allows only IP phones of vendor A in the Intranet, use this command to set the
OUI of vendor A.
Examples
# Configure an OUI value of 000d2a, setting the index to 4.
<Sysname> system-view
[Sysname] port-security oui 000d-2a10-0033 index 4
Related commands
display port-security
port-security port-mode
Use port-security port-mode to set the port security mode of a port.
Use undo port-security port-mode to restore the default.
Syntax
port-security port-mode { autolearn | mac-and-psk | mac-authentication | mac-else-userlogin-secure
| mac-else-userlogin-secure-ext | psk | secure | userlogin | userlogin-secure | userlogin-secure-ext |
userlogin-secure-ext-or-psk | userlogin-secure-or-mac | userlogin-secure-or-mac-ext |
userlogin-withoui }
undo port-security port-mode
Default
A port operates in noRestrictions mode, where port security does not take effect.
Views
Interface view
Default command level
2: System level
Parameters
Ke
y
word Securit
y
mode
Descri
p
tion
autolearn autoLearn
In this mode, a port can learn MAC addresses, and allows
frames sourced from learned or configured the MAC
addresses to pass. The automatically learned MAC
addresses are secure MAC addresses. You can also
configure secure MAC addresses by using the
port-security mac-address security command. A secure
MAC address never ages out by default. In addition, you
can configure MAC addresses manually by using the
mac-address dynamic and mac-address static commands
for a port in autoLearn mode.
When the number of secure MAC addresses reaches the
upper limit set by the port-security max-mac-count
command, the port changes to secure mode.
mac-and-psk
macAddressAndPres
haredKey
In this mode, a user must pass MAC authentication and
then use the pre-configured PSK to negotiate with the
device. Only when the negotiation succeeds, can the user
access the device.