Setting port security's limit on the number of secure MAC addresses on a port
You can set the maximum number of secure MAC addresses that port security allows on a port for the following purposes:
Controlling the number of concurrent users on the port.
For a port operating in a security mode (except for autoLearn and secure), the upper limit equals the smaller of the following values:
The limit of the secure MAC addresses that port security allows.
The limit of concurrent users allowed by the authentication mode in use.
Controlling the number of secure MAC addresses on the port in autoLearn mode.
For a port operating in autoLearn mode, you can set the maximum number of secure MAC addresses for all or specific VLANs. When the number of MAC addresses in a VLAN reaches the upper limit, intrusion detection is triggered.
The port security's limit on the number of secure MAC addresses on a port is independent of the MAC learning limit described in MAC address table configuration. For more information about MAC address table configuration, see Layer 2—LAN Switching Configuration Guide.
To set the maximum number of secure MAC addresses allowed on a port:
Step | Command | Remarks |
---|---|---|
1. Enter system view. | system-view | N/A |
2. Enter interface view. | interface interface-type interface-number | N/A |
3. Set the maximum number of secure MAC addresses allowed on a port. | port-security max-mac-count max-count [ vlan [ vlan-id-list ] ] | By default, port security does not limit the number of secure MAC addresses on a port. |