No relevant resource is found in the selected language.
Enterprise
Worldwide
Huawei Global - English
Support Documentation
WLAN AC V200R010C00 Command Reference
Rate and give feedback:
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
port-security max-mac-num (AP wired port profile view)

port-security max-mac-num (AP wired port profile view)

Function

The port-security max-mac-num command sets the maximum number of secure MAC addresses that can be learned by an interface.

By default, an interface can learn only one MAC address.

Format

port-security max-mac-num max-number

Parameters

Parameter

Description

Value

max-number

Specifies the maximum number of secure MAC addresses that can be learned by an interface.

The value is an integer that ranges from 1 to 64.

Views

AP wired port profile view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

After enabling port security on an interface, you can run the port-security max-mac-num command to limit the number of MAC addresses that can be learned by the interface. After the number of secure MAC addresses reaches the limit, the wireless access controller considers that packets with nonexistent source MAC addresses as attack packets regardless of whether the packets have destination MAC addresses. The wireless access controller then takes the action specified using the port-security protect-action command to protect the interface. This prevents STAs with untrusted MAC addresses from communicating with the wireless access controller through this interface, improving security of the device and network.

Prerequisites

The port security function has been enabled using the port-security enable command on the interface.

Precautions

If the sticky MAC function is disabled, max-number limits the number of secure dynamic MAC addresses learned by the interface.

If the sticky MAC function is enabled, max-number limits the number of sticky MAC addresses learned by the interface.

If you run the port-security max-mac-num command multiple times in the same interface view, only the latest configuration takes effect.

Example

# Set the maximum number of MAC addresses that can be learned by AP wired port to 5.

<AC6605> system-view
[AC6605] wlan
[AC6605-wlan-view] wired-port-profile name wire1
[AC6605-wlan-wired-port-wire1] mode endpoint
Warning: If the AP goes online through a wired port, the incorrect port mode con
figuration will cause the AP to go out of management. This fault can be recovere
d only by modifying the configuration on the AP. Continue? [Y/N]:y              
Warning: This action will take effect after resetting AP. 
[AC6605-wlan-wired-port-wire1] port-security enable
[AC6605-wlan-wired-port-wire1] port-security max-mac-num 5
Related Topics
Translation
简体中文
Download
Updated: 2021-02-27

Document ID: EDOC1100064351

Views: 3204493

Downloads: 595

Average rating:
This Document Applies to these Products

Related Version

Related Documents

Share
Previous Next
Huawei e+ App Huawei e+

Copyright © 2022 Huawei Technologies Co., Ltd. All rights reserved.

You are going to visit :