Type | Address sources | Aging mechanism | Can be saved and survive a device reboot?

NOTE:
When the maximum number of secure MAC address entries is reached, the port changes to secure mode, and
it cannot add or learn any more secure MAC addresses. The port allows only frames sourced from a secure
MAC address or a MAC address configured by using the mac-address dynamic or mac-address static
command to pass through.

Configuration prerequisites

• Enable port security.
• Set port security's limit on the number of MAC addresses on the port. Perform this task before you
  enable autoLearn mode.
• Set the port security mode to autoLearn.
• Configure the port to permit packets of the specified VLAN to pass or add the port to the VLAN.
  Make sure the VLAN already exists.

Configuration procedure

To configure a secure MAC address:

Step 1. Enter system view.
  Command: system-view
  Remarks: N/A

Step 2. (Optional.) Set the secure MAC aging timer.
  Command: port-security timer autolearn aging time-value
  Remarks: By default, secure MAC addresses do not age out.

Step 3. Configure a secure MAC address.
  Command:
  • In system view:
    port-security mac-address security [ sticky ] mac-address interface interface-type interface-number vlan vlan-id
  • In Layer 2 Ethernet interface view:
    a. interface interface-type interface-number
    b. port-security mac-address security [ sticky ] mac-address vlan vlan-id
  Remarks: Use either method. No secure MAC address exists by default. In the same VLAN, a MAC address
  cannot be specified as both a static secure MAC address and a sticky MAC address.

Ignoring authorization information from the server

You can configure a port to ignore the authorization information received from the server (a RADIUS
server or the local device) after an 802.1X user or MAC authentication user passes authentication.
To configure a port to ignore authorization information from the server:
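For the secure MAC address procedure earlier on this page, the following is an added example, not part of the original guide: a pre-change check that parses planned system-view commands in the syntax shown in step 3 and flags the two constraints the page states (the VLAN must already exist, and one MAC address cannot be both static and sticky in the same VLAN). The function names, MAC addresses, port names and VLAN IDs are assumptions made up for illustration.

```python
import re
from collections import defaultdict

# System-view form from step 3 of the procedure:
# port-security mac-address security [ sticky ] mac-address
#   interface interface-type interface-number vlan vlan-id
CMD = re.compile(
    r"port-security mac-address security\s+(?P<sticky>sticky\s+)?"
    r"(?P<mac>[0-9a-f]{1,4}(?:-[0-9a-f]{1,4}){2})\s+"
    r"interface\s+(?P<port>\S+(?:\s+\S+)?)\s+vlan\s+(?P<vlan>\d+)",
    re.IGNORECASE,
)

def check_plan(commands, existing_vlans):
    """Return (line_number, problem) tuples for a planned command list."""
    problems = []
    seen = defaultdict(dict)  # (vlan, mac) -> {"static" | "sticky": first line}
    for n, line in enumerate(commands, 1):
        m = CMD.fullmatch(line.strip())
        if not m:
            problems.append((n, "not a system-view secure MAC command"))
            continue
        # Lowercase the MAC so entries differing only in case compare equal.
        vlan, mac = int(m["vlan"]), m["mac"].lower()
        kind = "sticky" if m["sticky"] else "static"
        other = "static" if kind == "sticky" else "sticky"
        if vlan not in existing_vlans:
            problems.append((n, f"VLAN {vlan} does not exist"))
        if other in seen[(vlan, mac)]:
            first = seen[(vlan, mac)][other]
            problems.append((n, f"{mac} is already {other} in VLAN {vlan} (line {first})"))
        seen[(vlan, mac)].setdefault(kind, n)
    return problems

# Constructed sample plan: MACs, ports and VLAN IDs are made up.
PLAN = [
    "port-security mac-address security 00e0-fc00-5801 interface GigabitEthernet1/0/1 vlan 10",
    "port-security mac-address security sticky 00E0-FC00-5801 interface GigabitEthernet1/0/2 vlan 10",
    "port-security mac-address security sticky 00e0-fc00-5801 interface GigabitEthernet1/0/2 vlan 20",
    "port-security mac-address security 000a-000b-000c interface GigabitEthernet1/0/3 vlan 30",
]
EXISTING_VLANS = {1, 10, 20}  # constructed: VLANs assumed to exist on the device

if __name__ == "__main__":
    for n, problem in check_plan(PLAN, EXISTING_VLANS):
        print(f"line {n}: {problem}")
```

Line 3 of the sample passes because the static/sticky restriction applies only within the same VLAN.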