DES-7200 Configuration Guide Chapter 5 Port-based Flow Control Configuration
5-8
The instance below describes how to enable the port security function on interface
gigabitethernet 0/3. The maximum number of addresses to be set is 8 and the violation
handling mode is set as protect.
DES-7200# configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
DES-7200(config)# interface gigabitethernet 0/3
DES-7200(config-if)# switchport mode access
DES-7200(config-if)# switchport port-security
DES-7200(config-if)# switchport port-security maximum 8
DES-7200(config-if)# switchport port-security violation protect
DES-7200(config-if)# switchport port-security mac-address sticky
DES-7200(config-if)# end
Note
1. If the DOT1X has been enabled on the interface and the
authenticated user number has exceeded the maximum limit, it fails to
enable the port security function.
2. With the port security and DOT1X function enabled at the same time,
If the secure address ages out, the DOT1X user can continue to
communicate after the re-authentication.
3. It needs no authentication to access to the network for the secure
address on the static port.
4. For the DES-7200 series, with IP+MAC binding configured in the
IPv6 compatible mode on the security port, the IPv6 packets
corresponds to the secure address but not the IP+MAC binding
address can be transmitted.
5. If the violation mode is modified on the interface, the new violation
mode takes effect only after the security port restores to the
non-violation state.
5.3.2.4 Configuration of Secure
Addresses on the Secure Port
In the global configuration mode, add secure addresses for secure ports by using the
following commands:
Command Function
DES-7200(config)# switch
portport-security interface interface-id
mac-address mac-address]vlan [vlan_id]
In the global configuration mode, manually
configure the secure addresss on the port.
In the interface configuration mode, add secure addresses for secure ports by using
the following commands: