When in the Comware CLI, enable first "port-security" in system-view. You should see "Done" once enabled.
<HP-SWITCH-5120>system-view
System View: return to User View with Ctrl+Z.
[HP-SWITCH-5120]port-security enable
Please wait............................... Done.
interface G1/0/1
stp edged-port enable
port-security max-mac-count 1
port-security port-mode autolearn
port-security intrusion-mode blockmac
- The "stp edge-port enable" command disables the switchport from participating to any STP traffic since only one device should be connected.
- The "port-security max-mac-count 1" restricts the switchport to only 1 MAC Address since we should have only 1 device connected.
- We don't need to hardcode the MAC address, the "port-security port-mode autolearn" will register the MAC address that connects on the switchport and save it on the configuration. Only 1 MAC address will be registered as per max-mac-count.
- The "port-security intrusion-mode blockmac" will protect the switchport from any intrusion which will block any other MAC Address that attempts to connect on this switchport.
Below is log generated when we connected a device initially on the switch port
%Jan 14 08:52:41:334 2015 HP-SWITCH-5120 PORTSEC/6/PORTSEC_LEARNED_MACADDR:
-IfName=GigabitEthernet1/0/1-MACAddr=00:1C:25:7B:55:3C-VlanId=500; A new MAC address learned.
When we check the interface configuration, we see the MAC address registered.
<HP-SWITCH-5120>display current-configuration interface g1/0/1
interface GigabitEthernet1/0/1
port access vlan 500
stp edged-port enable
port-security max-mac-count 1
port-security port-mode autolearn
port-security intrusion-mode blockmac
port-security mac-address security 001c-257b-553c vlan 500
Below is sample log for port-security MAC Address violation
%%10PORTSEC/4/VIOLATION(t): Trap1.3.6.1.4.1.25506.2.26.1.3.2 An intrusion occurs! IfIndex: 9437208 Port: 9437208 MAC Addr: B8:88:E2:EC:32:24 VLAN ID: 1800 IfAdminStatus: 1
%%10PORTSEC/5/PORTSEC_VIOLATION(l): -IfName=GigabitEthernet1/0/1-MACAddr=B8:88:E2:EC:32:24-VlanId=-1800-IfStatus=Up; Intrusion detected.
You can refer to this link for more options on Port Security on the HP/H3C Comware Platfrom