
Configuring Port Security

This section provides an example of configuring port security using the edit-config operation.

Table 1 Configuring port security

| Operation | XPATH |
|---|---|
| edit-config | /ietf-interfaces:interfaces/interface/huawei-mac:mac-security/port-security |
| edit-config | /huawei-mac:static-flapping-protect |
| edit-config | /ietf-interfaces:interfaces/interface/name |
| edit-config | /ietf-interfaces:interfaces/interface/type |

Data Requirement 1: Configuring the Port Security Function

| Item | Data | Description |
|---|---|---|
| Whether to enable static MAC address flapping detection | true | Enable static MAC address flapping detection. |
| Interface name | GigabitEthernet0/0/9 | Set the interface name to GigabitEthernet0/0/9. |
| Interface type | ethernetCsmacd | Set the interface type to physical interface. |
| Port security | true | Enable port security. |
| Maximum number of secure MAC addresses that can be learned on the interface | 999 | Set the maximum number of secure MAC addresses that can be learned on the interface to 999. |
| Protection action to be taken when the number of learned MAC addresses on the interface enabled with port security exceeds the upper limit or static MAC address flapping is detected | shutdown | Set the protection action to be taken when the number of learned MAC addresses on the interface enabled with port security exceeds the upper limit or static MAC address flapping is detected to shutdown. |
| Aging time of secure dynamic MAC addresses | 1002 | Set the aging time of secure dynamic MAC addresses to 1002 minutes. |
| Type of the aging time of secure dynamic MAC addresses | absolute | Set the type of the aging time of secure dynamic MAC addresses to absolute. |

Request Example

<?xml version='1.0' encoding='UTF-8'?>
<rpc message-id="0" xmlns="urn:ietf:params:xml:ns:netconf:base:1.0">
  <edit-config>
    <target>
      <running/>
    </target>
    <config>
      <huawei-mac:static-flapping-protect xmlns:huawei-mac="urn:huawei:params:xml:ns:yang:huawei-mac">
        <huawei-mac:enable>true</huawei-mac:enable>
      </huawei-mac:static-flapping-protect>
      <if:interfaces xmlns:if="urn:ietf:params:xml:ns:yang:ietf-interfaces">
        <if:interface>
          <if:name>GigabitEthernet0/0/9</if:name>
          <if:type xmlns:iana-if-type="urn:ietf:params:xml:ns:yang:iana-if-type">iana-if-type:ethernetCsmacd</if:type>
          <huawei-mac:mac-security xmlns:huawei-mac="urn:huawei:params:xml:ns:yang:huawei-mac">
            <huawei-mac:port-security>
              <huawei-mac:enable>true</huawei-mac:enable>
              <huawei-mac:maxinum>999</huawei-mac:maxinum>
              <huawei-mac:action>shutdown</huawei-mac:action>
              <huawei-mac:port-security-aging>
                <huawei-mac:aging-time>1002</huawei-mac:aging-time>
                <huawei-mac:aging-type>absolute</huawei-mac:aging-type>
              </huawei-mac:port-security-aging>
            </huawei-mac:port-security>
          </huawei-mac:mac-security>
        </if:interface>
      </if:interfaces>
    </config>
  </edit-config>
</rpc>
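An added example (not part of the original page and not Huawei code): a Python check that reads a `<config>` payload in the shape of the request above and reports every interface whose port-security leaves differ from an expected baseline. The function names, the second interface (GigabitEthernet0/0/10) and the baseline values are assumptions made for the illustration.

```python
import xml.etree.ElementTree as ET

NS = {"if": "urn:ietf:params:xml:ns:yang:ietf-interfaces",
      "mac": "urn:huawei:params:xml:ns:yang:huawei-mac"}

# Constructed sample: the first interface repeats the request above; the second
# (GigabitEthernet0/0/10, a made-up name) has no port-security container at all.
SAMPLE = """<config xmlns="urn:ietf:params:xml:ns:netconf:base:1.0">
  <if:interfaces xmlns:if="urn:ietf:params:xml:ns:yang:ietf-interfaces"
                 xmlns:huawei-mac="urn:huawei:params:xml:ns:yang:huawei-mac">
    <if:interface>
      <if:name>GigabitEthernet0/0/9</if:name>
      <huawei-mac:mac-security>
        <huawei-mac:port-security>
          <huawei-mac:enable>true</huawei-mac:enable>
          <huawei-mac:maxinum>999</huawei-mac:maxinum>
          <huawei-mac:action>shutdown</huawei-mac:action>
          <huawei-mac:port-security-aging>
            <huawei-mac:aging-time>1002</huawei-mac:aging-time>
            <huawei-mac:aging-type>absolute</huawei-mac:aging-type>
          </huawei-mac:port-security-aging>
        </huawei-mac:port-security>
      </huawei-mac:mac-security>
    </if:interface>
    <if:interface>
      <if:name>GigabitEthernet0/0/10</if:name>
    </if:interface>
  </if:interfaces>
</config>"""

def port_security_settings(xml_text):
    """Map each interface name to its port-security leaves ({} if absent)."""
    out = {}
    for iface in ET.fromstring(xml_text).iterfind(".//if:interface", NS):
        ps = iface.find("mac:mac-security/mac:port-security", NS)
        leaves = ps.iter() if ps is not None else ()
        out[iface.findtext("if:name", namespaces=NS)] = {
            e.tag.split("}")[1]: e.text.strip()
            for e in leaves if len(e) == 0 and e.text and e.text.strip()}
    return out

def deviations(xml_text, expected):
    """List (interface, leaf, found, wanted) where the payload differs."""
    return [(name, leaf, got.get(leaf), want)
            for name, got in port_security_settings(xml_text).items()
            for leaf, want in expected.items() if got.get(leaf) != want]

if __name__ == "__main__":
    for finding in deviations(SAMPLE, {"enable": "true", "action": "shutdown"}):
        print(finding)
```

An interface with no `port-security` container is reported with `None` as the found value, so a port that was never configured shows up the same way as one that was configured differently.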

Response Example

# Sample of successful response

##### Ok Reply or Operation Successful #####
<?xml version='1.0' encoding='UTF-8'?>
<rpc-reply xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" message-id="0">
  <ok/>
</rpc-reply>

# Sample of failed response

##### Error Reply or Operation Failed #####
<?xml version='1.0' encoding='UTF-8'?>
<rpc-reply xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" message-id="0">
  <rpc-error>
    <error-app-tag>-1</error-app-tag>
    <error-message>Wrong interface name.</error-message>
    <error-info>Error on node /ietf-interfaces:interfaces/interface[name="GigabitEthernet1/0/9"]/type</error-info>
  </rpc-error>
</rpc-reply>

Data Requirement 2: Deleting the Port Security Configuration

Delete the configuration performed in Data Requirement 1.

Request Example

<?xml version='1.0' encoding='UTF-8'?>
<rpc message-id="1" xmlns="urn:ietf:params:xml:ns:netconf:base:1.0">
  <edit-config>
    <target>
      <running/>
    </target>
    <config>
      <huawei-mac:static-flapping-protect xmlns:huawei-mac="urn:huawei:params:xml:ns:yang:huawei-mac" xmlns:xc="urn:ietf:params:xml:ns:netconf:base:1.0" xc:operation="delete">
        <huawei-mac:enable>true</huawei-mac:enable>
      </huawei-mac:static-flapping-protect>
      <if:interfaces xmlns:if="urn:ietf:params:xml:ns:yang:ietf-interfaces">
        <if:interface>
          <if:name>GigabitEthernet0/0/9</if:name>
          <if:type xmlns:iana-if-type="urn:ietf:params:xml:ns:yang:iana-if-type">iana-if-type:ethernetCsmacd</if:type>
          <huawei-mac:mac-security xmlns:huawei-mac="urn:huawei:params:xml:ns:yang:huawei-mac">
            <huawei-mac:port-security xmlns:xc="urn:ietf:params:xml:ns:netconf:base:1.0" xc:operation="delete"/>
          </huawei-mac:mac-security>
        </if:interface>
      </if:interfaces>
    </config>
  </edit-config>
</rpc>

Response Example

# Sample of successful response

##### Ok Reply or Operation Successful #####
<?xml version='1.0' encoding='UTF-8'?>
<rpc-reply xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" message-id="1">
  <ok/>
</rpc-reply>

# Sample of failed response

##### Error Reply or Operation Failed #####
<?xml version='1.0' encoding='UTF-8'?>
<rpc-reply xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" message-id="1">
  <rpc-error>
    <error-type>application</error-type>
    <error-tag>data-missing</error-tag>
    <error-severity>error</error-severity>
    <error-path/>
    <error-message>edit operation failed.</error-message>
  </rpc-error>
</rpc-reply>
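An added example (not part of the original page and not Huawei code): Python that classifies the replies shown under Data Requirement 1 and Data Requirement 2, treating a change as applied only when the reply carries the request's message-id, contains `<ok/>` and has no `<rpc-error>`. The function names are hypothetical; the sample replies are the ones on this page.

```python
import xml.etree.ElementTree as ET

NC = "{urn:ietf:params:xml:ns:netconf:base:1.0}"

# Sample replies copied from this page (XML declaration omitted).
REPLY_OK = """<rpc-reply xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" message-id="1">
  <ok/>
</rpc-reply>"""
REPLY_WRONG_NAME = """<rpc-reply xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" message-id="0">
  <rpc-error>
    <error-app-tag>-1</error-app-tag>
    <error-message>Wrong interface name.</error-message>
    <error-info>Error on node /ietf-interfaces:interfaces/interface[name="GigabitEthernet1/0/9"]/type</error-info>
  </rpc-error>
</rpc-reply>"""
REPLY_DATA_MISSING = """<rpc-reply xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" message-id="1">
  <rpc-error>
    <error-type>application</error-type>
    <error-tag>data-missing</error-tag>
    <error-severity>error</error-severity>
    <error-path/>
    <error-message>edit operation failed.</error-message>
  </rpc-error>
</rpc-reply>"""

def check_reply(xml_text, sent_message_id):
    """Return (ok, errors); ok is True only for <ok/> with no <rpc-error>.
    A reply with neither element is reported as not ok (fail closed)."""
    root = ET.fromstring(xml_text)
    if root.tag != NC + "rpc-reply":
        raise ValueError("not a NETCONF rpc-reply")
    if root.get("message-id") != str(sent_message_id):
        raise ValueError("reply message-id does not match the request")
    errors = [{c.tag.split("}")[-1]: (c.text or "").strip() for c in err}
              for err in root.iter(NC + "rpc-error")]
    return (not errors and root.find(NC + "ok") is not None), errors

def already_absent(errors):
    """True when every error is data-missing, i.e. a delete found nothing to remove."""
    return bool(errors) and all(e.get("error-tag") == "data-missing" for e in errors)

if __name__ == "__main__":
    for reply, msg_id in ((REPLY_OK, 1), (REPLY_WRONG_NAME, 0), (REPLY_DATA_MISSING, 1)):
        ok, errors = check_reply(reply, msg_id)
        print(ok, errors, already_absent(errors))
```

The two failed replies on this page carry different child elements, so the parser keeps whatever fields each `<rpc-error>` provides instead of expecting a fixed set.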
Copyright © Huawei Technologies Co., Ltd.