•
Set the port security mode to autoLearn.
•
Configure the port to permit packets of the specified VLAN to pass or add the port to the VLAN.
Make sure the VLAN already exists.
Configuration procedure
To configure a secure MAC address:
Step
1.
Enter system view.
2.
(Optional.) Set the
secure MAC aging
timer.
3.
Configure a secure
MAC address.
4.
Enter Layer 2 Ethernet
interface view.
5.
(Optional.) Enable
inactivity aging.
6.
(Optional.) Enable the
dynamic secure MAC
feature.
Ignoring authorization information from the server
You can configure a port to ignore the authorization information received from the server (local or
remote) after an 802.1X or MAC authentication user passes authentication.
To configure a port to ignore authorization information from the server:
Step
1.
Enter system view.
2.
Enter Layer 2 Ethernet
interface view.
3.
Ignore the authorization
information received from
the authentication server.
Command
system-view
port-security timer autolearn aging
time-value
•
In system view:
port-security mac-address
security [ sticky ] mac-address
interface interface-type
interface-number vlan vlan-id
•
In Layer 2 Ethernet interface view:
a. interface interface-type
interface-number
b. port-security mac-address
security [ sticky ]
mac-address vlan vlan-id
c. quit
interface interface-type
interface-number
port-security mac-address
aging-type inactivity
port-security mac-address dynamic
Command
system-view
interface interface-type
interface-number
port-security authorization
ignore
200
Remarks
N/A
By default, secure MAC
addresses do not age out.
By default, no secure MAC
address exists.
In the same VLAN, a MAC
address cannot be specified as
both a static secure MAC address
and a sticky MAC address.
N/A
By default, the inactivity aging
feature is disabled.
By default, this feature is
disabled. Sticky MAC addresses
can be saved to the configuration
file. Once saved, they can survive
a device reboot.
Remarks
N/A
N/A
By default, a port uses the
authorization information received
from the authentication server.