3Com Switch 4200G Configuration Guide

ManualsBrandsHP ManualsComputer AccessoriesHP ProCurve 8116fl Redundant Switch Fabric Module

101

102

103

104

105

106

107

108

109

110

Port Security Configuration 89

The time set by the port-security timer disableport timer command is the same as

the time set for temporarily disabling a port while executing the port-security

intrusion-mode command under disableport-temporarily mode.

With the port security enabled, a device has the following restrictions on the 802.1x

authentication and MAC address authentication in order to prevent conflictions.

1 The access control mode (set by the dot1x port-control command) is automatically set

to auto.

2 The dot1x, dot1x port-method, dot1x port-control, and mac-authentication

commands are inapplicable.

■ Refer to the 802.1x module of S4200G S4200G Series Ethernet Switches

Operation Manual for details on 802.1x authentication.

■ You cannot add a port that configured port security feature to a link aggregation

group.

■ You cannot configure the port-security port-mode mode command on a port if the

port is in a link aggregation group

Configure Security MAC Security MAC is a special type MAC address and similar with static MAC address. One

Security MAC can only be added to one port in the same VLAN. Using this feature,

you can bind a MAC address with a port in the same VLAN.

Set the security mode

of a port

port-security port-mode mode Required

Users can choose the

optimal mode as

necessary.

Set the maximum

number of MAC

addresses that can be

accommodated by a

port

port-security max-mac-count count-value Optional

By default, there is no

limit on the number of

MAC addresses.

Set the NTK

transmission mode

port-security ntk-mode { ntkonly |

ntk-withbroadcasts |

ntk-withmulticasts }

Required

No specific transmission

mode is configured by

default.

Bind the MAC and IP

addresses of a legal

user to a specified port

am user-bind mac-addr mac-address

ip-addr ip-address [ interface

interface-type interface-number ]

Optional

Users need to specify the

ports to bind while

executing this command

in system view, whereas

in Ethernet port view, this

command applies to the

current port only.

Set the Intrusion

Protection mode

port-security intrusion-mode

{ disableport | disableport-temporarily |

blockmac }

Required

No specific intrusion

mode is configured by

default.

Return to system view quit —

Set the timer for

temporarily disabling a

port

port-security timer disableport timer Optional

Defaults to 20 seconds.

Table 66 Configure port security (Continued)

Operation Command Description