180
When the maximum number of secure MAC address entries is reached on the port, the port changes to
secure mode, and no more secure MAC addresses can be added or learned. The port allows only frames
sourced from a secure MAC address or MAC addresses configured with the mac-address dynamic or
mac-address static command to pass through.
Configuration prerequisites
• Enable port security
• Set the maximum number of secure MAC addresses on the port
• Set the port security mode to autoLearn
Configuration procedure
Follow these steps to configure a secure MAC address:
To do… Use the command… Remarks
Enter system view system-view —
Configure a
secure MAC
address
In system view
port-security mac-address security
mac-address interface interface-type
interface-number vlan vlan-id
Required
Use either approach
No secure MAC address is
configured by default.
In Layer 2
Ethernet
interface view
interface interface-type interface-number
port-security mac-address security
mac-address vlan vlan-id
NOTE:
The manually configured secure MAC addresses are saved in the configuration file and will not get lost no
matter whether the port is up or
oes down. After you save the confi
uration file, the secure MAC address
saved in the configuration file are maintained even after the device restarts.
Ignoring authorization information from the server
The authorization information is delivered by the RADIUS server to the device after an 802.1X user or
MAC authenticated user passes RADIUS authentication. You can configure a port to ignore the
authorization information from the RADIUS server.
Follow these steps to configure a port to ignore the authorization information from the RADIUS server:
To do… Use the command… Remarks
Enter system view system-view —
Enter Layer 2 Ethernet interface
view
interface interface-type
interface-number
—
Ignore the authorization
information from the RADIUS
server
port-security authorization ignore
Required
By default, a port uses the
authorization information from the
RADIUS server.
To Next Page
Loading...
