338
In any other mode that enables 802.1X, MAC authentication, or both, this command sets the
maximum number of authenticated MAC addresses on the port. The actual maximum number of
concurrent users that the port accepts equals the smaller of the following values:
•
The value set by using this command.
•
The maximum number of concurrent users allowed by the authentication mode in use.
For example, in userLoginSecureExt mode, if 802.1X allows more concurrent users than port
security's limit on the number of MAC addresses, port security's limit takes effect.
You cannot change port security's limit on the number of MAC addresses when the port is operating
in autoLearn mode.
Examples
# Set the maximum number of secure MAC address port security allows on GigabitEthernet 1/0/1 to
100.
<Sysname> system-view
[Sysname] interface gigabitethernet 1/0/1
[Sysname-GigabitEthernet1/0/1] port-security max-mac-count 100
Related commands
display port-security
port-security nas-id-profile
Use
port-security nas-id-profile
to apply a NAS-ID profile to global or port-based port security.
Use
undo port-security nas-id-profile
to restore the default.
Syntax
port-security nas-id-profile
profile-name
undo port-security nas-id-profile
Default
No NAS-ID profile is applied to port security globally or on any port.
Views
System view
Interface view
Predefined user roles
network-admin
Parameters
profile-name
: Specifies a NAS-ID profile by its name. The argument is a case-insensitive string of 1
to 31 characters.
Usage guidelines
A NAS-ID profile defines NAS-ID and VLAN bindings. You can create a NAS-ID profile by using the
aaa nas-id profile
command.
The device selects a NAS-ID profile for a port in the following order:
1.
The port-specific NAS-ID profile.
2.
The NAS-ID profile applied globally.
If no NAS-ID profile is applied or no matching binding is found in the selected profile, the device uses
the device name as the NAS-ID.
Summary of Contents for FlexNetwork MSR Series
Page 1005: ...987 ...