beautypg.com

Configuring security mac addresses, Configuring a security mac address entry manually, Configuring a security mac address – H3C Technologies H3C S3100 Series Switches User Manual

Page 181

background image

1-10

To do...

Use the command...

Remarks

Enter Ethernet port view

interface interface-type
interface-number

Ignore the authorization
information from the RADIUS
server

port-security authorization
ignore

Required

By default, a port uses the
authorization information from
the RADIUS server.

Configuring Security MAC Addresses

A port in autolearn mode performs MAC address learning and maintains a security MAC address

forwarding table. You can also manually configure security MAC address entries. By default, the

security MAC address entries will never be aged, one security MAC address can only be added to the

forwarding table of one port. This feature allows binding a security MAC address with a port in the same

VLAN.

After the security port is set to autolearn, the port changes its way of learning MAC addresses as

follows.

The port deletes original dynamic MAC addresses;

z

If the amount of security MAC addresses has not yet reach the maximum number, the port will

learn new MAC addresses and turn them to security MAC addresses;

z

If the amount of security MAC addresses reaches the maximum number, the port will not be able to

learn new MAC addresses and the port mode will be changed from autolearn to secure.

The security MAC addresses manually configured are written to the configuration file; they will not get

lost when the port is up or down. As long as the configuration file is saved, the security MAC addresses

can be restored after the switch reboots.

Configuring a security MAC address entry manually

Before configuring a security MAC address entry for a port manually, ensure that:

z

Port security is enabled.

z

The maximum number of security MAC addresses allowed on the port is set.

z

The security mode of the port is set to autolearn.

Configuring a security MAC address

Follow these steps to configure a security MAC address:

To do...

Use the command...

Remarks

Enter system view

system-view

Add a security
MAC address

In system
view

mac-address security mac-address
interface interface-type interface-number vlan
vlan-id

Either is
required.

By default, no

See also other documents in the category H3C Technologies Routers: