2. H3C switch port security

First, enable port security

[switch] port-security enable


Second, set the maximum number of secure MAC addresses allowed on the port

[switch] interface interface-type interface-number   // enter the port view

[switch-interface] port-security max-mac-count count-value


Third, set the port security mode to automatic learning (autolearn)

[switch-interface] port-security port-mode autolearn


Fourth, configure the port security NTK (Need To Know) feature

[switch-interface] port-security ntk-mode { ntk-withbroadcasts | ntk-withmulticasts | ntkonly }

 

NOTE: ntkonly: only unicast packets whose destination MAC address is an authenticated MAC address are allowed through.

ntk-withbroadcasts: unicast packets whose destination MAC address is an authenticated MAC address, or packets sent to a broadcast address, are allowed through.

ntk-withmulticasts: unicast packets whose destination MAC address is an authenticated MAC address, or packets sent to a broadcast address or a multicast address, are allowed through.

 

Fifth, configure the intrusion detection feature

[switch-interface] port-security intrusion-mode { blockmac | disableport | disableport-temporarily }

 

Note:

• blockmac: the source MAC address of an illegal packet is added to the blocked MAC address list, and packets whose source MAC address is a blocked MAC address are discarded. A blocked MAC address is restored to normal after three minutes (not user configurable).

• disableport: the port that received the illegal packet is shut down permanently.

• disableport-temporarily: the port that received the illegal packet is shut down temporarily for a period of time. The length of the shutdown can be configured with the port-security timer disableport command.




The basic configuration is now complete. The following steps are optional.

-----------------------------------------------------------------------------------------------------------------------------------------------------------

 


Sixth, configure how long the system temporarily shuts down a port (optional)

[switch] port-security timer disableport time-value

 

Seventh, manually configure secure MAC addresses (optional)

[switch] port-security mac-address security [ sticky ] mac-address interface interface-type interface-number vlan vlan-id
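
A way to check a switch against the five basic steps above, as an added example that is not part of the original post: this Python script parses saved configuration text and reports, per interface, which of the port-security settings from steps two to five are missing. The sample configuration and interface names are constructed, and the `#`-separated layout of the saved configuration is an assumption.

```python
import re

# Constructed sample in the assumed layout of a saved configuration:
# sections separated by '#', interface commands indented under 'interface'.
SAMPLE_CONFIG = """\
#
 port-security enable
#
interface GigabitEthernet1/0/1
 port-security max-mac-count 2
 port-security port-mode autolearn
 port-security ntk-mode ntkonly
 port-security intrusion-mode disableport-temporarily
#
interface GigabitEthernet1/0/2
 port-security max-mac-count 1
 port-security port-mode autolearn
#
interface GigabitEthernet1/0/3
 description uplink
#
"""

# Per-port settings from steps two to five of the procedure above.
REQUIRED = ("max-mac-count", "port-mode", "ntk-mode", "intrusion-mode")

def audit_port_security(config_text):
    """Return (globally_enabled, {interface: [missing settings]})."""
    enabled = False
    current = None          # interface section being read, if any
    seen = {}               # interface -> set of port-security keywords found
    for raw in config_text.splitlines():
        line = re.sub(r"\s+", " ", raw.strip())
        if line == "#":
            current = None  # a '#' line closes the current section
        elif line.startswith("interface "):
            current = line.split(" ", 1)[1]
            seen[current] = set()
        elif current is None and line == "port-security enable":
            enabled = True  # step one, configured in system view
        elif current and line.startswith("port-security "):
            seen[current].add(line.split(" ")[1])
    findings = {}
    for name, keys in seen.items():
        missing = [k for k in REQUIRED if k not in keys]
        if missing:
            findings[name] = missing
    return enabled, findings
```

Interfaces that are intentionally left without port security, such as uplinks, also appear in the result and can be filtered out by name.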



Origin blog.51cto.com/12347226/2429042