3com S7906E Instruccion De Instalación
1-12
Configuration procedure
1) Configure port security
# Enable port security.
<Switch> system-view
[Switch] port-security enable
# Enable intrusion protection trap.
[Switch] port-security trap intrusion
[Switch] interface gigabitethernet 2/0/1
# Set the maximum number of secure MAC addresses allowed on the port to 64.
[Switch-GigabitEthernet2/0/1] port-security max-mac-count 64
# Set the port security mode to autoLearn.
[Switch-GigabitEthernet2/0/1] port-security port-mode autolearn
# Configure the port to be silent for 30 seconds after the intrusion protection feature is triggered.
[Switch-GigabitEthernet2/0/1] port-security intrusion-mode disableport-temporarily
[Switch-GigabitEthernet2/0/1] quit
[Switch] port-security timer disableport 30
2) Verify the configuration
After completing the above configurations, you can use the following command to view the port security
configuration information:
<Switch> display port-security interface gigabitethernet 2/0/1
Equipment port-security is enabled
Intrusion trap is enabled
Disableport Timeout: 30s
OUI value:
GigabitEthernet2/0/1 is link-up
Port mode is autoLearn
NeedToKnow mode is disabled
Intrusion Protection mode is DisablePortTemporarily
Max MAC address number is 64
Stored MAC address number is 0
Authorization is permitted
As shown in the output, the maximum number of secure MAC addresses allowed on the port is 64, the
port security mode is autoLearn, the intrusion protection trap is enabled, and the intrusion protection
action is to disable the port (DisablePortTemporarily) for 30 seconds.
You can also use the above command repeatedly to track the number of MAC addresses learned by the
port, or use the display this command in interface view to display the secure MAC addresses learned,
as shown below:
<Switch> system-view
[Switch] interface gigabitethernet 2/0/1
[Switch-GigabitEthernet2/0/1] display this
#
interface GigabitEthernet2/0/1