HP 6125G HP 6125G & 6125G/XG Blade Switches Security Configuration Gui - Page 127
Setting port security's limit on the number of MAC addresses on a port, Setting the port security
View all HP 6125G manuals
Add to My Manuals
Save this manual to your list of manuals |
Page 127 highlights
When port security is enabled, you cannot manually enable 802.1X or MAC authentication, or change the access control mode or port authorization state. The port security automatically modifies these settings in different security modes. You cannot disable port security when online users are present. Before enabling port security, disable 802.1X and MAC authentication globally. To enable port security: Step 1. Enter system view. 2. Enable port security. Command system-view port-security enable Remarks N/A By default, the port security is disabled. For more information about 802.1X configuration, see "Configuring 802.1X." For more information about MAC authentication configuration, see "Configuring MAC authentication." Setting port security's limit on the number of MAC addresses on a port You can set the maximum number of MAC addresses that port security allows on a port for the following purposes: • Controlling the number of concurrent users on the port. The maximum number of concurrent users on the port equals this limit or the limit of the authentication mode (802.1X for example) in use, whichever is smaller. • Controlling the number of secure MAC addresses on the port in autoLearn mode. The port security's limit on the number of MAC addresses on a port is independent of the MAC learning limit described in MAC address table configuration in the Layer 2-LAN Switching Configuration Guide. To set the maximum number of secure MAC addresses allowed on a port: Step Command 1. Enter system view. system-view 2. Enter Layer 2 Ethernet interface view. interface interface-type interface-number 3. Set the limit of port security on the number of MAC addresses. port-security max-mac-count count-value Remarks N/A N/A Not limited by default. Setting the port security mode After enabling port security, you can change the port security mode of a port only when the port is operating in noRestrictions (the default) mode. To change the port security mode for a port in any other mode, first use the undo port-security port-mode command to restore the default port security mode. You can specify a port security mode when port security is disabled, but your configuration cannot take effect. You cannot change the port security mode of a port when online users are present. 117