R2511-HP MSR Router Series Security Configuration Guide(V5)

The port security's limit on the number of MAC addresses on a port is independent of the MAC learning
limit described in MAC address table configuration in the Layer 2—LAN Switching Configuration Guide.
To set the maximum number of secure MAC addresses allowed on a port:
| Step | Command | Remarks |
|------|---------|---------|
| 1. Enter system view. | system-view | N/A |
| 2. Enter interface view. | interface interface-type interface-number | N/A |
| 3. Set the limit of port security on the number of MAC addresses. | port-security max-mac-count count-value | Not limited by default. |
Setting the port security mode
After enabling port security, you can change the port security mode of a port only when the port is
operating in noRestrictions (the default) mode. To change the port security mode for a port in any other
mode, first use the undo port-security port-mode command to restore the default port security mode.
You can specify a port security mode when port security is disabled, but the configuration does not take
effect.
You cannot change the port security mode of a port when online users are present.
Configuration prerequisites
Before you set a port security mode for a port, complete the following tasks:
- Disable 802.1X and MAC authentication.
- Check that the port does not belong to any aggregation group.
- If you are configuring the autoLearn mode, set port security's limit on the number of MAC addresses.
  You cannot change the setting when the port is operating in autoLearn mode.
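The following added example (not part of the HP guide) checks a planned configuration against the prerequisites above before it is pushed to a device. The sample text is constructed, and the interface-view commands `port-security port-mode autolearn`, `dot1x`, `mac-authentication` and `port link-aggregation group` are assumed Comware spellings that do not appear on this page.

```python
import re

# Constructed sample of a planned configuration (not taken from the guide).
# Commands other than "port-security max-mac-count" are assumed Comware syntax.
SAMPLE_CONFIG = """\
interface Ethernet0/1
 port-security max-mac-count 8
 port-security port-mode autolearn
#
interface Ethernet0/2
 port-security port-mode autolearn
#
interface Ethernet0/3
 dot1x
 port link-aggregation group 1
 port-security max-mac-count 4
 port-security port-mode autolearn
#
"""

def parse_interfaces(config):
    """Return {interface name: [commands entered in that interface view]}."""
    interfaces, current = {}, None
    for raw in config.splitlines():
        line = raw.strip()
        if line.startswith("interface "):
            current = line.split(None, 1)[1]
            interfaces[current] = []
        elif not raw.startswith(" "):
            current = None          # "#" separator or a system-view command
        elif current is not None:
            interfaces[current].append(line)
    return interfaces

def check_prerequisites(config):
    """List (interface, problem) pairs for ports planned for autoLearn mode."""
    findings = []
    for name, cmds in parse_interfaces(config).items():
        if "port-security port-mode autolearn" not in cmds:
            continue
        if not any(re.fullmatch(r"port-security max-mac-count \d+", c) for c in cmds):
            findings.append((name, "max-mac-count not set"))
        if "dot1x" in cmds:
            findings.append((name, "802.1X enabled"))
        if "mac-authentication" in cmds:
            findings.append((name, "MAC authentication enabled"))
        if any(c.startswith("port link-aggregation group ") for c in cmds):
            findings.append((name, "member of an aggregation group"))
    return findings
```

Calling `check_prerequisites(SAMPLE_CONFIG)` reports Ethernet0/2 for the missing MAC limit and Ethernet0/3 for 802.1X and aggregation membership, while Ethernet0/1 passes.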
Configuration procedure
To enable a port security mode:
| Step | Command | Remarks |
|------|---------|---------|
| 1. Enter system view. | system-view | N/A |
| 2. Set an OUI value for user authentication. | port-security oui oui-value index index-value | Required for the userlogin-withoui mode. Not configured by default. To set multiple OUI values, repeat this step. |
| 3. Enter interface view. | interface interface-type interface-number | To specify the autoLearn or userloginWithOUI mode, you must enter Layer 2 Ethernet interface view. |