Configuration guidelines, Configuration procedure, Ignoring authorization information from the server – H3C Technologies H3C S12500-X Series Switches User Manual
Page 109: Enabling mac move

97
•
Configure the port to permit packets of the specified VLAN to pass or add the port to the VLAN.
Make sure the VLAN already exists.
208B
Configuration procedure
To configure a secure MAC address:
Step Command
Remarks
1.
Enter system view.
system-view
N/A
2.
(Optional.) Set the
secure MAC aging
timer.
port-security timer autolearn aging
time-value
By default, secure MAC addresses
do not age out.
3.
Configure a secure
MAC address.
•
In system view:
port-security mac-address security
[sticky] mac-address interface
interface-type interface-number vlan
vlan-id
•
In interface view:
a.
interface interface-type
interface-number
b.
port-security mac-address
security [ sticky ] mac-address
vlan vlan-id
Use either method.
No secure MAC address exists by
default.
In the same VLAN, a MAC address
cannot be specified as both a static
secure MAC address and a sticky
MAC address.
70B
Ignoring authorization information from the server
You can configure a port to ignore the authorization information received from the server (an RADIUS
server or the local device) after an 802.1X user or MAC authentication user passes authentication.
To configure a port to ignore authorization information from the server:
Step Command
Remarks
1.
Enter system view.
system-view
N/A
2.
Enter interface view.
interface interface-type
interface-number
N/A
3.
Ignore the authorization
information received from the
authentication server.
port-security authorization ignore
By default, a port uses the
authorization information received
from the authentication server.
71B
Enabling MAC move
MAC move allows 802.1X or MAC authenticated users to move between ports on a device. For example,
if an authenticated 802.1X user moves to another 802.1X-enabled port on the device, the authentication
session is deleted from the first port and the user is re-authenticated on the new port.
If MAC move is disabled and an 802.1X authenticated user moves to another port, it is not
re-authenticated.
- H3C S5560 Series Switches H3C WX6000 Series Access Controllers H3C WX5000 Series Access Controllers H3C WX3000 Series Unified Switches H3C LSWM1WCM10 Access Controller Module H3C LSWM1WCM20 Access Controller Module H3C LSQM1WCMB0 Access Controller Module H3C LSRM1WCM2A1 Access Controller Module H3C LSBM1WCM2A0 Access Controller Module H3C S9800 Series Switches H3C S5130 Series Switches H3C S5120 Series Switches