182
Ste
Command
Remarks
2. (Optional.) Set the
secure MAC aging
timer.
port-security timer autolearn aging
time-value
By default, secure MAC addresses
do not age out.
3. Configure a secure
MAC address.
• In system view:
port-security mac-address security
[ sticky ] mac-address interface
interface-type interface-number vlan
vlan-id
• In Layer 2 Ethernet interface view:
a. interface interface-type
interface-number
b. port-security mac-address
security [ sticky ] mac-address
vlan vlan-id
c. quit
By default, no secure MAC
address exists.
In the same VLAN, a MAC address
cannot be specified as both a static
secure MAC address and a sticky
MAC address.
4. Enter Layer 2 Ethernet
interface view.
interface interface-type interface-number
N/A
5. (Optional.) Enable
inactivity aging.
port-security mac-address aging-type
inactivity
By default, the inactivity aging
feature is disabled.
6. (Optional.) Enable the
dynamic secure MAC
feature.
port-security mac-address dynamic
By default, the dynamic secure
MAC feature is disabled. Sticky
MAC addresses can be saved to
the configuration file. Once saved,
they can survive a device reboot.
Ignoring authorization information from the server
You can configure a port to ignore the authorization information received from the server (local or remote)
after an 802.1X or MAC authentication user passes authentication.
To configure a port to ignore authorization information from the server:
Ste
Command
Remarks
1. Enter system view.
system-view N/A
2. Enter Layer 2 Ethernet
interface view.
interface interface-type
interface-number
N/A
3. Ignore the authorization
information received from the
authentication server.
port-security authorization ignore
By default, a port uses the
authorization information received
from the authentication server.
Enabling MAC move
MAC move allows 802.1X or MAC authenticated users to move between ports on a device. For example,
if an authenticated 802.1X user moves to another 802.1X-enabled port on the device, the authentication
session is deleted from the first port. The user is reauthenticated on the new port.
To Next Page
Loading...
Need help?
General