Enabling mac move, Displaying and maintaining port security – H3C Technologies H3C S6300 Series Switches User Manual

152

Step Command

Remarks

1.

Enter system view.

system-view

N/A

2.

Enter Layer 2 Ethernet

interface view.

interface interface-type
interface-number

N/A

3.

Ignore the authorization

information received from the
authentication server.

port-security authorization ignore

By default, a port uses the
authorization information received

from the authentication server.

Enabling MAC move

MAC move allows 802.1X or MAC authenticated users to move between ports on a device. For example,

if an authenticated 802.1X user moves to another 802.1X-enabled port on the device, the authentication

session is deleted from the first port and the user is re-authenticated on the new port.
If MAC move is disabled and an 802.1X authenticated user moves to another port, it is not
re-authenticated.
H3C recommends you enable MAC move for wireless users that roam between ports to access the

network.
To enable MAC move:

Step Command

Remarks

1.

Enter system view.

system-view

N/A

2.

Enable MAC move.

port-security mac-move permit

By default, MAC move is disabled.

Displaying and maintaining port security

Execute display commands in any view:

Task Command

Display the port security configuration,
operation information, and statistics.

display port-security [ interface interface-type interface-number ]

Display information about secure MAC
addresses.

display port-security mac-address security [ interface
interface-type interface-number ] [ vlan vlan-id ] [ count ]

Display information about blocked MAC
addresses.

display port-security mac-address block [ interface interface-type
interface-number ] [ vlan vlan-id ] [ count ]