1-5
Setting the Maximum Number of MAC Addresses Allowed on a Port
Port security allows more than one user to be authenticated on a port. The number of authenticated
users allowed, however, cannot exceed the configured upper limit.
By setting the maximum number of MAC addresses allowed on a port, you can
z Control the maximum number of users who are allowed to access the network through the port
z Control the number of Security MAC addresses that can be added with port security
This configuration is different from that of the maximum number of MAC addresses that can be leaned
by a port in MAC address management.
Follow these steps to set the maximum number of MAC addresses allowed on a port:
To do… Use the command… Remarks
Enter system view
system-view
—
Enter Ethernet port view
interface interface-type
interface-number
—
Set the maximum number of
MAC addresses allowed on the
port
port-security max-mac-count
count-value
Required
Not limited by default
z Assume that, in the macAddressOrUserLoginSecureExt port security mode, you have
configured to allow up to n authenticated users to access the network. When all of these n
authenticated users are connected to the network and one or more of them are MAC-authenticated,
to perform 802.1x authentication on the MAC-authenticated user(s), the number of maximum MAC
addresses allowed on the port must be set to n + 1. Similarly, in the case of the
macAddressOrUserLoginSecure security mode, the maximum number of MAC addresses
allowed on the port must be set to 2.
z In the macAddressAndUserLoginSecureExt port security mode, to allow up to n authenticated
users to be connected to the network at the same time and the nth user to be 802.1x-authenticated,
the maximum number of MAC addresses allowed on the port must be set to at least n + 1. Similarly,
in the case of the macAddressAndUserLoginSecure security mode, the maximum number of
MAC addresses allowed on the port must be set to 2.
Setting the Port Security Mode
Follow these steps to set the port security mode:
To do… Use the command… Remarks
Enter system view
system-view
—
Set the OUI value for user
authentication
port-security oui OUI-value
index index-value
Optional
In userLoginWithOUI mode, a
port supports one 802.1x user
plus one user whose source
MAC address has a specified
OUI value.
