Configuration prerequisites, Configuration procedure, Ignoring authorization information from the server – H3C Technologies H3C S6300 Series Switches User Manual
Page 166
151
Type
Address sources
Aging mechanism
Can be saved and
survive a device
reboot?
NOTE:
When the maximum number of secure MAC address entries is reached, the port changes to secure mode, and
it cannot add or learn any more secure MAC addresses. The port allows only frames sourced from a secure
MAC address or a MAC address configured by using the mac-address dynamic or mac-address static
command to pass through.
Configuration prerequisites
•
Enable port security.
•
Set port security's limit on the number of MAC addresses on the port. Perform this task before you
enable autoLearn mode.
•
Set the port security mode to autoLearn.
•
Configure the port to permit packets of the specified VLAN to pass or add the port to the VLAN.
Make sure the VLAN already exists.
Configuration procedure
To configure a secure MAC address:
Step Command
Remarks
1.
Enter system view.
system-view
N/A
2.
(Optional.) Set the
secure MAC aging
timer.
port-security timer autolearn aging
time-value
By default, secure MAC addresses
do not age out.
3.
Configure a secure
MAC address.
•
In system view:
port-security mac-address security
[sticky] mac-address interface
interface-type interface-number vlan
vlan-id
•
In Layer 2 Ethernet interface view:
a.
interface interface-type
interface-number
b.
port-security mac-address
security [ sticky ] mac-address
vlan vlan-id
Use either method.
No secure MAC address exists by
default.
In the same VLAN, a MAC address
cannot be specified as both a static
secure MAC address and a sticky
MAC address.
Ignoring authorization information from the server
You can configure a port to ignore the authorization information received from the server (an RADIUS
server or the local device) after an 802.1X user or MAC authentication user passes authentication.
To configure a port to ignore authorization information from the server: