Copying port-security configuration - 3Com 4500

[Henriquecicuto]

Good afternoon

We´ve just received 7 brand new 3Com 4500 switches, and now they need to be configured.
I´m almost done with the first one. Then all I´ll have to do is copy the config file to the others.
Right now I´m working in port-security, and i´ve just done it.
Now I need to copy the port-security config from one port to all the others. The "copy configuration" command didn´t work, since it doesn´t copy the port-security options.

Any idea how I can do this, without having to configure every single port?

Thank you

 

[Bas1234]

Make a back up of your switch using a tftp server, put the back up in the other 6. Change the ip addresses.

___________________________________________
It works! Now if only I could remember what I did...
___________________________________________

 

[Henriquecicuto]

Well, yes. That´s what I intend to do to pass the config to the other switches.

But actually, what I want to do, for example, is to configure autolearning in all ports in a single switch. "copy configuration" doesn´t work for that.
Anyway I can do it without having to:

- Configure each port manually;
- Copy my config file to a computer, change it using a text editor and then copy it back.

 

[Bas1234]

Is this what you're looking for?
Look at the version, and the Precautions at the bottom.

9 PORT SECURITY CONFIGURATION
GUIDE
Configuring Port
Security autolearn
Mode
In autolearn mode, a port can learn a specified number of MAC addresses and
save those addresses as secure MAC addresses. Once the number of secure MAC
addresses learnt by the port exceeds the upper limit defined by the port-security
max-mac-count command, the port transits to the secure mode. In secure mode,
a port does not save any new secure MAC addresses and permits only packets
whose source addresses are secure MAC address or configured dynamic MAC
addresses.
Network Diagram Figure 12 Network diagram for configuring port security autolearn mode
Networking and
Configuration
Requirements
On port Ethernet 1/0/1 of the switch, perform configurations to meet the
following requirements:
? Allow a maximum of 80 users to access the port without authentication, and
save the automatically learned user MAC addresses as secure MAC addresses.
? To ensure that the host can access the network, add the MAC address
0001-0002-0003 as a secure MAC address to VLAN 1 on the port.
? Once the number of secure MAC addresses reaches 80, the port stops MAC
address learning. If any frame with an unknown source MAC address arrives,
intrusion protection is triggered and the port is disabled and kept silent for 30
seconds.
Applicable Products
Configuration Procedure # Enter system view.
<3Com> system-view
# Enable port security.
[3Com] port-security enable
Internet
Host Switch
Eth1/0/1
MAC:0001-0002-0003
Product series Software version Hardware version
Switch 5500 Release V03.02.04 All versions
Switch 5500G Release V03.02.04 All versions
Switch 4500 Release V03.03.00 All versions
48 CHAPTER 9: PORT SECURITY CONFIGURATION GUIDE
# Enter Ethernet 1/0/1 port view.
[3Com] interface Ethernet1/0/1
# Set the maximum number of MAC addresses allowed on the port to 80.
[3Com-Ethernet1/0/1] port-security max-mac-count 80
# Set the port security mode to autolearn.
[3Com-Ethernet1/0/1] port-security port-mode autolearn
# Add the MAC address 0001-0002-0003 as a secure MAC address to VLAN 1.
[3Com-Ethernet1/0/1] mac-address security 0001-0002-0003 vlan 1
# Configure the port to be silent for 30 seconds after intrusion protection is
triggered.
[3Com-Ethernet1/0/1] port-security intrusion-mode disableport-temporarily
[3Com-Ethernet1/0/1] quit
[3Com] port-security timer disableport 30
Complete Configuration #
port-security enable
port-security timer disableport 30
#
interface Ethernet1/0/1
port-security max-mac-count 80
port-security port-mode autolearn
port-security intrusion-mode disableport-temporarily
mac-address security 0001-0002-0003 vlan 1
#


Precautions

? Before enabling port security, be sure to disable 802.1x and MAC
authentication globally.
? On a port configured with port security, you cannot configure the maximum
number of MAC addresses that the port can learn, reflector port for port
mirroring, fabric port or link aggregation.

___________________________________________
It works! Now if only I could remember what I did...
___________________________________________

 

[Henriquecicuto]

I saw that config in the Configuration Guide.
I guess I´m not beeing clear.

I´ve configured autolearn/blockmac in Ethernet 1/0/1. Already tested it. It´s working fine.
What I want now is to configure autolearn/blockmac in the other ports: Ethernet 1/0/2, 1/0/3, 1/0/4, and so on.

What I´d like to know is if there´s someway I can do it using a CLI command or if I´ll have to configure all of them manually.

 

[Bas1234]

OK now i get it...:-D

You could make a script in Hyperterminal.

Configure 1 port the copy the whole text, in to notepad paste the text 24 times or so and change the port numbers.

I normaly use procomm plus that is a bit easier.

___________________________________________
It works! Now if only I could remember what I did...
___________________________________________