Setting the port security mode

Port security modes except the userLogin mode are supported only on the following ports:

Before you set a port security mode for a port, complete the following tasks:

When you set the port security mode, follow these guidelines:

To set the port security mode:

Step

Command

Remarks

1. Enter system view.

system-view

N/A

2. (Optional.) Set an OUI value for user authentication.

port-security oui index index-value mac-address oui-value

By default, no OUI values are configured for user authentication.

This command is required for the userlogin-withoui mode.

You can set multiple OUIs, but when the port security mode is userlogin-withoui, the port allows one 802.1X user and only one user that matches one of the specified OUIs.

3. Enter interface view.

interface interface-type interface-number

  • To specify the autoLearn mode, you must enter Layer 2 Ethernet interface view.

  • To specify the userLoginWithOUI mode, you must enter Layer 2 Ethernet interface view.

4. Set the port security mode.

port-security port-mode { autolearn | mac-authentication | mac-else-userlogin-secure | mac-else-userlogin-secure-ext | secure | userlogin | userlogin-secure | userlogin-secure-ext | userlogin-secure-or-mac | userlogin-secure-or-mac-ext | userlogin-withoui }

By default, a port operates in noRestrictions mode.

After enabling port security, you can change the port security mode of a port only when the port is operating in noRestrictions (the default) mode. To change the port security mode for a port in any other mode, first use the undo port-security port-mode command to restore the default port security mode.