3Com 5500-SI Switch User Manual

Open as PDF

of 686

64 CHAPTER 3: PORT OPERATION

The time set by the port-security timer disableport timer command takes effect when

the disableport-temporarily mode is set by the port-security intrusion-mode

command.

To avoid confliction, the following limitation on the 802.1x and the MAC address

authentication will be taken after port security is enabled:

1 The access control mode (set by the dot1x port-control command) automatically

changes to auto.

2 The dot1x port-method command can be successfully executed only when no user is

on-line.

3 The dot1x, dot1x port-method, dot1x port-control, and mac-authentication

commands cannot be used.

For detailed description of 802.1x authentication, refer to the security module of the

3Com S5500 Series Ethernet Switches Operation Manual.

Port Security Configuration Example

Network requirements

■ Enable port security on port Ethernet1/0/1 of switch A, and set the maximum

number of the MAC addresses that are allowed to access the port to 80.

■ Set the packet transmission mode of the NTK feature on the port to ntkonly, and

the action mode of the Intrusion Protection feature on the port to disableport.

■ Connect PC1 to the port through switch B.

■ Bind the MAC and IP addresses of PC1 to the port.

Bind the MAC and IP

addresses of a legal user to a

specified port

am user-bind mac-addr

mac-address ip-addr

ip-address [ interface

interface-type

interface-number ]

Optional

You need to specify the bound port if

you use this command in system

view.You do not need to specify the

bound port if you use this command in

Ethernet port view, because the MAC

and IP address will be bound to the

current port.

Set the action mode of the

Intrusion Protection feature

on the port

port-security

intrusion-mode {

disableport |

disableport-temporarily

| blockmac }

Required

By default, no action mode of the

Intrusion Protection feature is set on the

port.

Return to the system view quit -

Set the time during which

the system temporarily

disables a port

port-security timer

disableport timer

Optional

By default, this time is 20 seconds

Display information about

port security configuration

display port-security [

interface interface-list ]

You can execute the display command in

any view.

Table 47 Configure port security (continued)

previous next

Top Automotive Device Types

Top Automotive Brands

Top Baby Care Device Types

Top Baby Care Brands

Top Car Audio & Video Device Types

Top Car Audio & Video Brands

Top Cellphone Device Types

Top Cellphone Brands

Top Communications Device Types

Top Communications Brands

Top Computer Device Types

Top Computer Brands

Top Fitness Device Types

Top Fitness Brands

Top Home Audio Device Types

Top Home Audio Brands

Top Household Appliance Device Types

Top Household Appliance Brands

Top Kitchen Appliance Device Types

Top Kitchen Appliance Brands

Top Laundry Appliance Device Types

Top Laundry Appliance Brands

Top Lawn & Garden Device Types

Top Lawn & Garden Brands

Top Marine Equipment Device Types

Top Marine Equipment Brands

Top Musical Instrument Device Types

Top Musical Instrument Brands

Top Outdoor Cooking Device Types

Top Outdoor Cooking Brands

Top Personal Care Device Types

Top Personal Care Brands

Top Photography Device Types

Top Photography Brands

Top Portable Media Device Types

Top Portable Media Brands

Top Power Tools Device Types

Top Power Tools Brands

Top TV and Video Device Types

Top TV and Video Brands

Top Videogame Device Types

Top Videogame Brands

3Com 5500-SI Switch User Manual