Configure the port to permit packets of the specified VLAN to pass or add the port to the VLAN.
•
Make sure the VLAN already exists.
Configuration procedure
To configure a secure MAC address:
Step
1.
Enter system view.
2.
(Optional.) Set the
secure MAC aging
timer.
3.
Configure a secure
MAC address.
Ignoring authorization information from the server
You can configure a port to ignore the authorization information received from the server (an RADIUS
server or the local device) after an 802.1X user or MAC authentication user passes authentication.
To configure a port to ignore authorization information from the server:
Step
1.
Enter system view.
2.
Enter interface view.
3.
Ignore the authorization
information received from the
authentication server.
Displaying and maintaining port security
Execute display commands in any view:
Task
Display the port security configuration,
operation information, and statistics.
Command
system-view
port-security timer autolearn aging
time-value
•
In system view:
port-security mac-address security
[sticky] mac-address interface
interface-type interface-number vlan
vlan-id
•
In interface view:
a.
interface interface-type
interface-number
b.
port-security mac-address
security [ sticky ] mac-address
vlan vlan-id
Command
system-view
interface interface-type
interface-number
port-security authorization ignore
Command
display port-security [ interface interface-type interface-number ]
94
Remarks
N/A
By default, secure MAC addresses
do not age out.
Use either method.
No secure MAC address exists by
default.
In the same VLAN, a MAC address
cannot be specified as both a static
secure MAC address and a sticky
MAC address.
Remarks
N/A
N/A
By default, a port uses the
authorization information received
from the authentication server.