R0106-HP MSR Router Series Security Configuration Guide(V7)
165
Configuration task list
Tasks at a
g
lance
Remarks
(Required.) Enabling port security N/A
(Optional.) Setting port security's limit on the number of secure MAC
addresses on a port
N/A
(Required.) Setting the port security mode N/A
(Required.) Configuring port security features:
• Configuring NTK
• Configuring intrusion protection
Configure one or more port security
features according to the network
requirements.
(Optional.) Configuring secure MAC addresses N/A
(Optional.) Ignoring authorization information from the server N/A
(Optional.) Enabling MAC move N/A
Enabling port security
Before you enable port security, disable 802.1X and MAC authentication globally.
When port security is enabled, you cannot enable 802.1X or MAC authentication, or change the access
control mode or port authorization state. The port security automatically modifies these settings in
different security modes.
To enable port security:
Ste
p
Command
Remarks
1. Enter system view.
system-view N/A
2. Enable port security.
port-security enable
By default, port security is
disabled.
You can use the undo port-security enable command to disable port security. Because the command logs
off the online users, make sure no online users are present.
Enabling or disabling port security resets the following security settings to the default:
• 802.1X access control mode is MAC-based.
• Port authorization state is auto.
For more information about 802.1X authentication and MAC authentication configuration, see
"Configuring 802.1X" and "Configuring MAC authentication."
Setting port security's limit on the number of secure
MAC addresses on a port
You can set the maximum number of secure MAC addresses that port security allows on a port for the
following purposes: