Configuration guidelines, Configuration procedure, Ignoring authorization information from the server – H3C Technologies H3C S12500-X Series Switches User Manual

Page 109: Enabling mac move

•

Configure the port to permit packets of the specified VLAN to pass or add the port to the VLAN.

Make sure the VLAN already exists.

208B

Configuration procedure

To configure a secure MAC address:

Step Command

Remarks

Enter system view.

system-view

N/A

(Optional.) Set the
secure MAC aging

timer.

port-security timer autolearn aging
time-value

By default, secure MAC addresses
do not age out.

Configure a secure
MAC address.

•

In system view:
port-security mac-address security

[sticky] mac-address interface

interface-type interface-number vlan
vlan-id

•

In interface view:

interface interface-type

interface-number

port-security mac-address

security [ sticky ] mac-address

vlan vlan-id

Use either method.
No secure MAC address exists by

default.
In the same VLAN, a MAC address
cannot be specified as both a static

secure MAC address and a sticky

MAC address.

70B

Ignoring authorization information from the server

You can configure a port to ignore the authorization information received from the server (an RADIUS

server or the local device) after an 802.1X user or MAC authentication user passes authentication.
To configure a port to ignore authorization information from the server:

Step Command

Remarks

Enter system view.

system-view

N/A

Enter interface view.

interface interface-type
interface-number

N/A

Ignore the authorization

information received from the
authentication server.

port-security authorization ignore

By default, a port uses the
authorization information received

from the authentication server.

71B

Enabling MAC move

MAC move allows 802.1X or MAC authenticated users to move between ports on a device. For example,

if an authenticated 802.1X user moves to another 802.1X-enabled port on the device, the authentication

session is deleted from the first port and the user is re-authenticated on the new port.
If MAC move is disabled and an 802.1X authenticated user moves to another port, it is not

re-authenticated.

This manual is related to the following products:

H3C S5560 Series Switches H3C WX6000 Series Access Controllers H3C WX5000 Series Access Controllers H3C WX3000 Series Unified Switches H3C LSWM1WCM10 Access Controller Module H3C LSWM1WCM20 Access Controller Module H3C LSQM1WCMB0 Access Controller Module H3C LSRM1WCM2A1 Access Controller Module H3C LSBM1WCM2A0 Access Controller Module H3C S9800 Series Switches H3C S5130 Series Switches H3C S5120 Series Switches