
Operation Manual – Port Security 
H3C S5500-EI Series Ethernet Switches  

Table of Contents

Chapter 1 Port Security Configuration
1.1 Introduction to Port Security
1.1.1 Port Security Overview
1.1.2 Port Security Features
1.1.3 Port Security Modes
1.2 Port Security Configuration Task List
1.3 Enabling Port Security
1.3.1 Configuration Prerequisites
1.3.2 Configuration Procedure
1.4 Setting the Maximum Number of Secure MAC Addresses
1.5 Setting the Port Security Mode
1.5.1 Enabling the autoLearn Mode
1.5.2 Enabling the userLoginWithOUI Mode
1.5.3 Enabling Any Other Port Security Mode
1.6 Configuring Port Security Features
1.6.1 Configuring NTK
1.6.2 Configuring Intrusion Protection
1.6.3 Configuring Trapping
1.7 Configuring Secure MAC Addresses
1.7.1 Configuration Prerequisites
1.7.2 Configuration Procedure
1.8 Ignoring the Authorization Information from the Server
1.9 Displaying and Maintaining Port Security
1.10 Port Security Configuration Examples
1.10.1 Port Security Configuration for autoLearn Mode
1.10.2 Port Security Configuration for userLoginWithOUI Mode
1.10.3 Port Security Configuration for macAddressElseUserLoginSecure Mode
1.11 Troubleshooting Port Security
1.11.1 Cannot Set the Port Security Mode
1.11.2 Cannot Configure Secure MAC Addresses
1.11.3 Cannot Change Port Security Mode When a User Is Online

Summary of Contents for S5500-EI series (page excerpts)

Page 1: ...Security Mode 1-7; 1.6 Configuring Port Security Features 1-8; 1.6.1 Configuring NTK 1-8; 1.6.2 Configuring Intrusion Protection 1-8; 1.6.3 Configuring Trapping 1-9; 1.7 Configuring Secure MAC Addresses 1...

Page 2: ...n MAC address of an outbound frame. With port security, you can define various port security modes to make a device learn only legal source MAC addresses, so that you can implement different network secu...

Page 3: ...ecurity is disabled on the port and access to the port is not restricted. In this mode, neither the NTK nor the intrusion protection feature is triggered. autoLearn: In this mode, a port can learn a specif...

Page 4: ...first upon receiving 802.1x frames. If 802.1x authentication fails, the port performs MAC authentication. macAddressElseUserLoginSecure: This mode is the combination of the macAddressWithRadius and user...

Page 5: ...ollowing tasks to configure port security. Task / Remarks: Enabling Port Security (Required); Setting the Maximum Number of Secure MAC Addresses (Optional); Setting the Port Security Mode (Required); Configuring N...

Page 6: ...formation about 802.1x authentication and MAC authentication, refer to 802.1x-HABP-MAC Authentication Configuration. 1.4 Setting the Maximum Number of Secure MAC Addresses: With port security enabled, mor...

Page 7: ...ny of the above configurations. Note: With port security disabled, you can configure the port security mode, but your configuration does not take effect. With port security enabled, you can change the p...

Page 8: ...e MAC addresses have an OUI value among the specified ones. Follow these steps to enable the userLoginWithOUI mode. To do / Use the command / Remarks: Enter system view: system-view. Set an OUI value for user...

Page 9: ...port operating in either macAddressElseUserLoginSecure mode or macAddressElseUserLoginSecureExt mode, intrusion protection is triggered only after both MAC authentication and 802.1x authentication for...

Page 10: ...ity timer disableport command to set the silence timeout during which a port remains disabled. 1.6.3 Configuring Trapping: Follow these steps to configure port security trapping. To do / Use the command / Re...

Page 11: ...lan vlan-id (Required; use either approach; no secure MAC address is configured by default). Note: The configured secure MAC addresses are saved in the configuration file and will not get lost when the port...

Page 12: ...ype interface-number vlan vlan-id count (available in any view). Display information about blocked MAC addresses: display port-security mac-address block interface interface-type interface-number vlan vla...

Page 13: ...trusion-mode disableport-temporarily; [Switch-GigabitEthernet1/0/1] quit; [Switch] port-security timer disableport 30. 2) Verify the configuration: After completing the above configurations, you can use the fol...

Page 14: ...face command after the number of MAC addresses learned by the port reaches 64, you will see that the port security mode has changed to secure. When any frame with a new MAC address arrives, intrusion pro...
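The autoLearn procedure that sections 1.3 through 1.7 and 1.9 describe piece by piece (global enable, MAC cap, mode selection, pre-loaded secure MACs, NTK, intrusion protection, trapping, verification), assembled into one configuration session. This is an added example written for this page, not the manual's own 1.10.1 example: the port, the cap of 64 and the 30-second timer follow the Page 13 and Page 14 excerpts, while the secure MAC 0001-0002-0003, VLAN 1 and the lines beginning with `#` (annotations, not switch commands) are assumptions.

```text
# Added example (not from the manual): autoLearn hardening of GigabitEthernet 1/0/1
# on an H3C S5500-EI. Lines beginning with '#' are annotations, not commands.
# The MAC address 0001-0002-0003 and VLAN 1 are placeholders.
<Switch> system-view
# 1.3  Port security must be enabled globally; a port-mode set while it is disabled does not take effect (Page 7).
[Switch] port-security enable
# 1.6.3  Raise an SNMP trap when intrusion protection fires.
[Switch] port-security trap intrusion
# 1.6.2  Silence timeout used by disableport-temporarily: 30 seconds, as on Page 13.
[Switch] port-security timer disableport 30
[Switch] interface gigabitethernet 1/0/1
# 1.4  Cap the secure MAC count. Once 64 entries are learned the port changes to secure mode (Page 14).
[Switch-GigabitEthernet1/0/1] port-security max-mac-count 64
# 1.5.1  autoLearn: learned source MACs become secure MAC entries until the cap is reached.
[Switch-GigabitEthernet1/0/1] port-security port-mode autolearn
# 1.7  Pre-load a known station. This command is accepted only while the port mode is autoLearn (Page 23).
[Switch-GigabitEthernet1/0/1] port-security mac-address security 0001-0002-0003 vlan 1
# 1.6.1  NTK: ntkonly forwards only unicast frames whose destination MAC is a known (secure) MAC;
#        use ntk-withbroadcasts if broadcast traffic such as ARP must still reach the station.
[Switch-GigabitEthernet1/0/1] port-security ntk-mode ntkonly
# 1.6.2  Intrusion protection: in secure mode an unknown source MAC shuts the port down,
#        which is re-enabled automatically after the 30 s timer configured above.
[Switch-GigabitEthernet1/0/1] port-security intrusion-mode disableport-temporarily
[Switch-GigabitEthernet1/0/1] quit
# 1.9  Verify mode, max/stored MAC counts, NTK and intrusion settings, then the secure MAC table.
[Switch] display port-security interface gigabitethernet 1/0/1
[Switch] display port-security mac-address security interface gigabitethernet 1/0/1 vlan 1
# The block table is populated only when intrusion-mode blockmac is in use (Page 12).
[Switch] display port-security mac-address block interface gigabitethernet 1/0/1 vlan 1
```

Order matters: the `port-security mac-address security` line fails with the error shown on Page 23 if it is entered before the port is in autoLearn mode, and configured secure MACs survive a reload because they are saved in the configuration file (Page 11). To change the mode afterwards, return the port to noRestrictions with `undo port-security port-mode` first, and if an authenticated user is online, disconnect it with `cut connection` as the Page 24 troubleshooting entry describes.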

Page 15: ...ized to access the Internet. Restrict port GigabitEthernet 1/0/1 of the switch as follows: allow only one 802.1x user to be authenticated; allow up to 16 OUI values to be configured and allow one add...

Page 16: ...g server to money: [Switch-radius-radsun] key accounting money. Set the RADIUS server response timeout time to five seconds and the maximum number of RADIUS packet retransmission attempts to 5: [Switch-radi...

Page 17: ...e standard; Primary Auth IP 192.168.1.1 Port 1812 State active; Primary Acct IP 192.168.1.2 Port 1813 State active; Second Auth IP 192.168.1.2 Port 1812 State active; Second Acct IP 192.168.1.1 Port 1813...

Page 18: ...otection mode is NoAction; Max MAC address number is not configured; Stored MAC address number is 0; Authorization is permitted. After an 802.1x user gets online, you can see that the number of secure MAC...

Page 19: ...he following command to view the related information: <Switch> display mac-address interface gigabitethernet 1/0/1. MAC ADDR / VLAN ID / STATE / PORT INDEX / AGING TIME(s): 1234-0300-0011 / 1 / Learned / GigabitEthernet1...

Page 20: ...me and password to aaa and 123456 respectively: [Switch] mac-authentication user-name-format fixed account aaa password simple 123456; [Switch] interface gigabitethernet 1/0/1. Set the maximum number of secu...

Page 21: ...detect period is 300s; Quiet period is 60s; Server response timeout value is 100s; The max allowed user number is 1024 per slot; Current user number amounts to 0; Current domain not configured, use default...

Page 22: ...1X; Multicast trigger is enabled; Guest VLAN: 0; Max number of on-line users is 256; EAPOL Packet: Tx 16331, Rx 102; Sent EAP Request/Identity Packets: 16316; EAP Request/Challenge Packets: 6; EAP Success Packet...
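The two RADIUS-backed modes covered by sections 1.5.2, 1.8, 1.10.2 and 1.10.3 (Pages 8 and 15 through 22), shown together on one switch as an added example that is not the manual's own: GigabitEthernet 1/0/1 runs userLoginWithOUI (one 802.1x user plus one station whose MAC carries a permitted OUI) and GigabitEthernet 1/0/2 runs macAddressElseUserLoginSecure (MAC authentication first, 802.1x if that fails). The scheme name radsun, the accounting key money, the server addresses and ports follow Pages 16 and 17; the authentication key name, the ISP domain sun, the OUI values, the MAC-authentication account, the second port and the `#` annotation lines are assumptions.

```text
# Added example (not from the manual): RADIUS-backed port security on an H3C S5500-EI.
# Lines beginning with '#' are annotations, not commands. Placeholders: key 'name',
# domain 'sun', the two OUI values, account aaa/123456 and port GigabitEthernet 1/0/2.
<Switch> system-view
# RADIUS scheme shared by 802.1x and MAC authentication (servers and ports as on Page 17).
[Switch] radius scheme radsun
[Switch-radius-radsun] primary authentication 192.168.1.1 1812
[Switch-radius-radsun] primary accounting 192.168.1.2 1813
[Switch-radius-radsun] secondary authentication 192.168.1.2 1812
[Switch-radius-radsun] secondary accounting 192.168.1.1 1813
[Switch-radius-radsun] key authentication name
[Switch-radius-radsun] key accounting money
[Switch-radius-radsun] timer response-timeout 5
[Switch-radius-radsun] retry 5
[Switch-radius-radsun] user-name-format without-domain
[Switch-radius-radsun] quit
# ISP domain bound to the scheme; made the default so users need no @domain suffix.
[Switch] domain sun
[Switch-isp-sun] authentication default radius-scheme radsun
[Switch-isp-sun] authorization default radius-scheme radsun
[Switch-isp-sun] accounting default radius-scheme radsun
[Switch-isp-sun] quit
[Switch] domain default enable sun
# Port security: global enable, then the OUIs allowed on userLoginWithOUI ports (index 1 to 16, Page 15).
[Switch] port-security enable
[Switch] port-security oui 1234-0100-1111 index 4
[Switch] port-security oui 1234-0200-1111 index 5
# 1.5.2  userLoginWithOUI: max-mac-count 1 limits the port to a single 802.1x user;
#        one further device is admitted if its MAC matches a configured OUI.
[Switch] interface gigabitethernet 1/0/1
[Switch-GigabitEthernet1/0/1] port-security max-mac-count 1
[Switch-GigabitEthernet1/0/1] port-security port-mode userlogin-withoui
[Switch-GigabitEthernet1/0/1] port-security ntk-mode ntkonly
[Switch-GigabitEthernet1/0/1] quit
# 1.10.3  macAddressElseUserLoginSecure: MAC authentication with a fixed account, 802.1x as fallback.
#         Page 20 uses 'password simple', which stores the secret in clear text in the configuration;
#         'password cipher' keeps it encrypted.
[Switch] mac-authentication domain sun
[Switch] mac-authentication user-name-format fixed account aaa password cipher 123456
[Switch] interface gigabitethernet 1/0/2
[Switch-GigabitEthernet1/0/2] port-security max-mac-count 64
[Switch-GigabitEthernet1/0/2] port-security port-mode mac-else-userlogin-secure
# Intrusion protection fires only after both MAC authentication and 802.1x have failed (Page 9).
[Switch-GigabitEthernet1/0/2] port-security intrusion-mode blockmac
# 1.8  Optional: ignore the VLAN/ACL authorization attributes the server returns for this port.
[Switch-GigabitEthernet1/0/2] port-security authorization ignore
[Switch-GigabitEthernet1/0/2] quit
# Verification, matching the outputs excerpted on Pages 17 through 22.
[Switch] display radius scheme radsun
[Switch] display port-security interface gigabitethernet 1/0/1
[Switch] display port-security interface gigabitethernet 1/0/2
[Switch] display mac-authentication
[Switch] display dot1x
```

Without `port-security authorization ignore`, the `display port-security` line "Authorization is permitted" (Page 18) means VLAN and ACL attributes returned by the RADIUS server are applied to the port; the command switches that line to the ignored state. A mode change on either port while a user is online is refused (Page 24), so disconnect users with `cut connection` before reconfiguring.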

Page 23: ...igure secure MAC addresses: [Switch-GigabitEthernet1/0/1] port-security mac-address security 1-1-2 vlan 1. Error: Can not operate security MAC address for current port mode is not autoLearn. II. Analysis: No...

Page 24: ...GigabitEthernet1/0/1. II. Analysis: Changing port security mode is not allowed when an 802.1x-authenticated or MAC-authenticated user is online. III. Solution: Use the cut command to forcibly disconnect th...
