Ignoring Authorization Information From The Server; Enabling Mac Move - HP FlexFabric 5700 Series Security Configuration Manual
Hide thumbs
Also See for FlexFabric 5700 Series:
- Configuration manual (185 pages) ,
- Configuration manual (63 pages) ,
- Configuration manual (125 pages)
Table of Contents
Advertisement
Step
2.
(Optional.) Set the
secure MAC aging
timer.
3.
Configure a secure
MAC address.
4.
Enter Layer 2 Ethernet
interface view.
5.
(Optional.) Enable
inactivity aging.
6.
(Optional.) Enable the
dynamic secure MAC
feature.
Ignoring authorization information from the server
You can configure a port to ignore the authorization information received from the server (local or remote)
after an 802.1X or MAC authentication user passes authentication.
To configure a port to ignore authorization information from the server:
Step
1.
Enter system view.
2.
Enter Layer 2 Ethernet
interface view.
3.
Ignore the authorization
information received from the
authentication server.
Enabling MAC move
MAC move allows 802.1X or MAC authenticated users to move between ports on a device. For example,
if an authenticated 802.1X user moves to another 802.1X-enabled port on the device, the authentication
session is deleted from the first port. The user is reauthenticated on the new port.
Command
port-security timer autolearn aging
time-value
•
In system view:
port-security mac-address security
[ sticky ] mac-address interface
interface-type interface-number vlan
vlan-id
•
In Layer 2 Ethernet interface view:
a.
interface interface-type
interface-number
b.
port-security mac-address
security [ sticky ] mac-address
vlan vlan-id
c.
quit
interface interface-type interface-number
port-security mac-address aging-type
inactivity
port-security mac-address dynamic
Command
system-view
interface interface-type
interface-number
port-security authorization ignore
182
Remarks
By default, secure MAC addresses
do not age out.
By default, no secure MAC
address exists.
In the same VLAN, a MAC address
cannot be specified as both a static
secure MAC address and a sticky
MAC address.
N/A
By default, the inactivity aging
feature is disabled.
By default, the dynamic secure
MAC feature is disabled. Sticky
MAC addresses can be saved to
the configuration file. Once saved,
they can survive a device reboot.
Remarks
N/A
N/A
By default, a port uses the
authorization information received
from the authentication server.
- Quick Links:
- Configuring Local Users
Hide quick links:
Advertisement
Table of Contents
Troubleshooting
