安全动态mac地址学习功能
Huaweiint g0/0/01
interface GigabitEthernet0/0/1
port-security enable //开启安全
port-security max-mac-num 2 //最多为2个mac地址学习
port-security protect-action restrict //丢包带警告
port-security aging-time 1 //mac地址的老化时间配置一分钟,这个看情况要不要配
动态sticky绑定客户端的mac
interface GigabitEthernet0/0/2
port-security enable
port-security protect-action protect
port-security mac-address sticky
port-security max-mac-num 1
sticky中的设备mac表保存在dir文件中(一定得先设备save后才能有这个文件):
手工静态sticky绑定客户端的mac
interface GigabitEthernet0/0/3
port-security enable
port-security protect-action shutdown
port-security max-mac-num 2
port-security mac-address sticky
port-security mac-address sticky 5489-98CE-1A06 vlan 1
可在全局下设置shutdown的端口自动恢复时间
Huaweierror-down auto-recovery cause port-security interval interal-value