
Can 3Com 4500 ACL + port-security work together?




Is it possible for 3Com 4500 ACL + port-security to work together?

I want to use an ACL to control which IPs can access the port, and port-security to limit the maximum number of MACs that can come across the port, disabling the port otherwise.

Individually, either port-security or the ACL works. However, when I did a test with a configuration like the following:

- An IP address that is not listed in the ACL can get across the port

Hoping for any advice from here. Thanks!


 port-security enable
 port-security timer disableport 30

acl number 3001
 rule 0 deny IP
 rule 1 permit IP source 192.168.40 0
 rule 2 permit IP source 192.168.41 0
 rule 3 permit IP source 192.168.43 0

interface Ethernet1/0/19
 port-security max-mac-count 3
 port-security port-mode autolearn
 port-security intrusion-mode disableport-temporarily
 mac-address security 0d0c-29gd-01fc vlan 1
 mac-address security 0d0c-29c3-2845 vlan 1
 mac-address security 7ccc-cb4e-59f4 vlan 1
 packet-filter inbound ip-group 3001 rule 0
 packet-filter inbound ip-group 3001 rule 1
 packet-filter inbound ip-group 3001 rule 2
 packet-filter inbound ip-group 3001 rule 3


P.S. This thread has been moved from Switches, Hubs, Modems (Legacy ITRC forum) to Comware-Based. -HP Forum Moderator


Graham Hurst

Re: Can 3Com 4500 ACL + port-security work together?

This is not a feature that is supported by the 4500 series switches, but is by the 5500 series. To apply dynamic ACLs, you need to define qos-profiles (that in turn reference packet-filters), ensure no qos-profiles or packet-filters are statically set on the port and use the Filter-Id RADIUS AVP to return the desired qos-profile's name in the Access-Accept.