193
1. Enter system view.
system-view
N/A
2.
secure
timer.
port-
security timer autolearn aging
time-value
By
addresses do not age out.
3.
MAC address.
• In system view:
port-security mac-address
security [ sticky ] mac-address
interface interface-type
interface-number vlan vlan-id
• In Layer 2 Ethernet interface view:
a. interface interface-type
interface-number
b. port-security mac-address
security [ sticky ] mac-address
vlan vlan-id
By default, n
address exists.
In
address cannot be specified as
both a static secure MAC address
and a sticky MAC address.
4. Enter Layer 2 Ethernet
interface view.
interface
interface-type
interface-number
N/A
5. (Optional.) Enable
inactivity aging.
port-security mac-address
aging-type inactivity
B
y default, the inactivity aging
feature is disabled.
6. (Optional.) Enable the
feature.
port-security mac-address dynamic
By default,
MAC
feature is disabled. Sticky
MAC addresses can be saved to
the configuration file. Once saved,
they can survive a device reboot.
Ignoring authorization information from the server
You can configure a port to ignore the authorization information received from the server (local or
remote) after an 802.1X or MAC authentication user passes authentication.
To configure a port to ignore authorization information from the server:
1. Enter system view.
system-view
N/A
2. Enter
interface view.
interface
interface-type
interface-number
N/A
3.
information received from the
authentication server.
port-
ignore
By default, a port uses the
authorization information received
from the authentication server.
Enabling MAC move
MAC move allows 802.1X or MAC authenticated users to move between ports on a device. For
example, if an authenticated 802.1X user moves to another 802.1X-enabled port on the device, the
authentication session is deleted from the first port. The user is reauthenticated on the new port.
If MAC move is disabled and an 802.1X authenticated user moves to another port, the user is not
reauthenticated.
To Next Page
Loading...
Need help?
General