128 CHAPTER 12: PORT SECURITY CONFIGURATION
Configuring the Trap feature
Ignoring the
Authorization
Information from the
RADIUS Server
After an 802.1x user or MAC-authenticated user passes Remote Authentication
Dial-In User Service (RADIUS) authentication, the RADIUS server delivers the
authorization information to the device. You can configure a port to ignore the
authorization information from the RADIUS server.
Configuring Security
MAC Addresses
Security MAC addresses are special MAC addresses that never age out. One
security MAC address can be added to only one port in the same VLAN so that you
can bind a MAC address to one port in the same VLAN.
Security MAC addresses can be learned by the auto-learn function of port security
or manually configured.
Before adding security MAC addresses to a port, you must configure the port
security mode to autolearn. After this configuration, the port changes its way of
learning MAC addresses as follows.
■ The port deletes original dynamic MAC addresses;
■ If the amount of security MAC addresses has not yet reach the maximum
number, the port will learn new MAC addresses and turn them to security
MAC addresses;
■ If the amount of security MAC addresses reaches the maximum number, the
port will not be able to learn new MAC addresses and the port mode will be
changed from autolearn to secure.
n
The security MAC addresses manually configured are written to the configuration
file; they will not get lost when the port is up or down. As long as the
configuration file is saved, the security MAC addresses can be restored after the
switch reboots.
Tabl e 84 Configure port security trapping
Operation Command Remarks
Enter system view system-view -
Enable sending traps for the
specified type of event
port-security trap {
addresslearned |
dot1xlogfailure |
dot1xlogoff | dot1xlogon |
intrusion | ralmlogfailure |
ralmlogoff | ralmlogon }
Required
By default, no trap is sent.
Tabl e 85 Configure a port to ignore the authorization information from the RADIUS
server
Operation Command Remarks
Enter system view system-view -
Enter Ethernet port view interface interface-type
interface-number
-
Ignore the authorization
information from the RADIUS
server
port-security authorization
ignore
Required
By default, a port uses the
authorization information
from the RADIUS server.
To Next Page
Loading...
