1-10
To do... Use the command... Remarks
Enter Ethernet port view
interface interface-type
interface-number
—
Ignore the authorization
information from the RADIUS
server
port-security authorization
ignore
Required
By default, a port uses the
authorization information from
the RADIUS server.
Configuring Security MAC Addresses
A port in autolearn mode performs MAC address learning and maintains a security MAC address
forwarding table. You can also manually configure security MAC address entries. By default, the
security MAC address entries will never be aged, one security MAC address can only be added to the
forwarding table of one port. This feature allows binding a security MAC address with a port in the same
VLAN.
After the security port is set to autolearn, the port changes its way of learning MAC addresses as
follows.
The port deletes original dynamic MAC addresses;
z If the amount of security MAC addresses has not yet reach the maximum number, the port will
learn new MAC addresses and turn them to security MAC addresses;
z If the amount of security MAC addresses reaches the maximum number, the port will not be able to
learn new MAC addresses and the port mode will be changed from autolearn to secure.
The security MAC addresses manually configured are written to the configuration file; they will not get
lost when the port is up or down. As long as the configuration file is saved, the security MAC addresses
can be restored after the switch reboots.
Configuring a security MAC address entry manually
Before configuring a security MAC address entry for a port manually, ensure that:
z Port security is enabled.
z The maximum number of security MAC addresses allowed on the port is set.
z The security mode of the port is set to autolearn.
Configuring a security MAC address
Follow these steps to configure a security MAC address:
To do... Use the command... Remarks
Enter system view
system-view
—
Add a security
MAC address
In system
view
mac-address security mac-address
interface interface-type interface-number vlan
vlan-id
Either is
required.
By default, no
To Next Page
Loading...