R2511-HP MSR Router Series Security Configuration Guide(V5)

| Task | Remarks |
|---|---|
| Configuring port security features: Configuring NTK; Configuring intrusion protection; Enabling port security traps | Optional. Configure one or more features as required. |
| Configuring secure MAC addresses | Optional. |
| Configuring port security for WLAN ports: Setting the port security mode of a WLAN port; Enabling key negotiation; Configuring a PSK | Required for WLAN ports. |
| Ignoring authorization information from the server | Optional. |

Enabling port security
When port security is enabled, you cannot manually enable 802.1X or MAC authentication, or change
the access control mode or port authorization state. Port security automatically modifies these
settings in different security modes.
Before you enable port security, disable 802.1X and MAC authentication globally.
To enable port security:
| Step | Command | Remarks |
|---|---|---|
| 1. Enter system view. | system-view | N/A |
| 2. Enable port security. | port-security enable | By default, port security is disabled. |

You can use the undo port-security enable command to disable port security when no online users are
present.
Enabling or disabling port security resets the following security settings to the default:
- 802.1X access control mode is MAC-based, and the port authorization state is auto.
- Port security mode is noRestrictions.
For more information about 802.1X configuration, see "Configuring 802.1X."
For more information about MAC authentication configuration, see "Configuring MAC authentication."
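
The prerequisites and the reset behavior described above can be checked against a saved configuration before port-security enable is run. The Python script below is an added example, not part of the HP guide. It assumes the text follows the Comware V5 display current-configuration layout (sections separated by #, system-view commands indented, view headers unindented) and that dot1x port-method and dot1x port-control are the port-level lines for the access control mode and authorization state; the sample configuration is constructed.

```python
# Added example: pre-check of a saved configuration before "port-security enable".
# Assumed layout (Comware V5 style "display current-configuration" text): "#" separates
# sections, system-view commands are indented, an unindented line opens a view.
SAMPLE_CONFIG = """\
#
 dot1x
 dot1x authentication-method eap
#
 mac-authentication
#
interface Ethernet0/1
 dot1x
 dot1x port-method portbased
#
interface Ethernet0/2
 dot1x port-control authorized-force
#
return
"""  # constructed sample, not taken from a real device

GLOBAL_AUTH = {"dot1x", "mac-authentication"}           # bare form = enabled globally
RESET_DEFAULTS = {"dot1x port-method": "macbased",      # defaults restored when port
                  "dot1x port-control": "auto"}         # security is enabled/disabled

def preflight(config_text):
    """Return what must change, and what will be reset, before enabling port security."""
    view, result = None, {"enabled": False, "disable_first": [], "will_reset": []}
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line == "#":                       # section separator: back to system view
            view = None
        elif not raw.startswith(" "):         # unindented line opens a view
            view = line
        elif view is None:                    # system-view command
            if line == "port-security enable":
                result["enabled"] = True
            elif line in GLOBAL_AUTH:         # must be disabled globally first
                result["disable_first"].append(line)
        elif view.startswith("interface "):
            keyword, _, value = line.rpartition(" ")
            if RESET_DEFAULTS.get(keyword, value) != value:   # non-default, will be reset
                result["will_reset"].append((view.split()[1], line))
    result["ready"] = not result["enabled"] and not result["disable_first"]
    return result

if __name__ == "__main__":
    print(preflight(SAMPLE_CONFIG))
```

Entries in will_reset are the per-port 802.1X settings that will return to MAC-based and auto once port security is enabled or disabled, so they are worth recording before the change.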
Setting port security's limit on the number of MAC addresses on a port
You can set the maximum number of MAC addresses that port security allows on a port for the following
purposes:
- Controlling the number of concurrent users on the port. The maximum number of concurrent users on
  the port equals this limit or the limit of the authentication mode (802.1X for example) in use,
  whichever is smaller.
- Controlling the number of secure MAC addresses on the port in autoLearn mode.