R2511-HP MSR Router Series Security Configuration Guide(V5)
139
Displaying and maintaining port security
Task Command
Remarks
Display port security configuration
information, operation
information, and statistics about
one or more ports or all ports.
display port-security [ interface interface-list ] [ |
{ begin | exclude | include } regular-expression ]
Available in any
view.
Display information about secure
MAC addresses.
display port-security mac-address security
[ interface interface-type interface-number ] [ vlan
vlan-id ] [ count ] [ | { begin | exclude | include }
regular-expression ]
Available in any
view.
Display information about blocked
MAC addresses.
display port-security mac-address block [ interface
interface-type interface-number ] [ vlan vlan-id ]
[ count ] [ | { begin | exclude | include }
regular-expression ]
Available in any
view.
Display information about PSK
users.
display port-security preshared-key user
[ interface interface-type interface-number ] [ |
{ begin | exclude | include } regular-expression ]
Available in any
view.
Port security configuration examples
Configuring the autoLearn mode
Network requirements
See Figure 48. Configure port Ethernet 1/1 on the Device, as follows:
• Accept up to 64 users on the port without authentication.
• Permit the port to learn and add MAC addresses as sticky MAC addresses, and set the secure MAC
aging timer to 30 minutes.
• After the number of secure MAC addresses reaches 64, the port stops learning MAC addresses. If
any frame with an unknown MAC address arrives, intrusion protection starts, and the port shuts
down and stays silent for 30 seconds.
Figure 48 Network diagram
Configuration procedure
# Enable port security.
<Device> system-view
[Device] port-security enable
# Set the secure MAC aging timer to 30 minutes.
[Device] port-security timer autolearn aging 30