326
Default
Port security does not limit the number of secure MAC addresses on a port.
Views
Layer 2 Ethernet interface view
Layer 2 aggregate interface view
Predefined user roles
network-admin
mdc-admin
Parameters
max-count
: Specifies the maximum number of secure MAC addresses that port security allows on
the port. The value range is 1 to 2147483647.
vlan
[
vlan-id-list
]: Specifies a space-separated list of up to 10 VLAN items. Each VLAN item
specifies a VLAN ID or a range of VLAN IDs in the form of
start-vlan-id
to
end-vlan-id
. The end VLAN
ID cannot be smaller than the start VLAN ID. The value range for VLAN IDs is 1 to 4094. If you do not
specify the
vlan
keyword, this command sets the maximum number of secure MAC addresses that
port security allows on a port. If you do not specify the
vlan-id-list
argument, this command sets the
maximum number of secure MAC addresses for each VLAN on the port. This option takes effect only
on a port that operates in autoLearn mode.
Usage guidelines
For autoLearn mode, this command sets the maximum number of secure MAC addresses (both
configured and automatically learned) on the port.
In any other mode that enables 802.1X, MAC authentication, or both, this command sets the
maximum number of authenticated MAC addresses on the port. The actual maximum number of
concurrent users that the port accepts equals the smaller of the following values:
•
The value set by using this command.
•
The maximum number of concurrent users allowed by the authentication mode in use.
For example, in userLoginSecureExt mode, if 802.1X allows more concurrent users than port
security's limit on the number of MAC addresses, port security's limit takes effect.
When you configure this command, follow these guidelines and restrictions:
•
Make sure the maximum number of secure MAC addresses for a VLAN is not less than the
number of MAC addresses currently saved for the VLAN.
•
If you execute this command multiple times to set the maximum number of secure MAC
addresses for the same VLAN, the most recent configuration takes effect.
•
You cannot change port security's limit on the number of MAC addresses when the port is
operating in autoLearn mode.
Examples
# Set the maximum number of secure MAC address port security allows on Ten-GigabitEthernet
1/0/1 to 100.
<Sysname> system-view
[Sysname] interface ten-gigabitethernet 1/0/1
[Sysname-Ten-GigabitEthernet1/0/1] port-security max-mac-count 100
Related commands
display port-security