Ignoring the Authorization Information from the RADIUS Server
After an 802.1x user or MAC-authenticated user passes Remote Authentication Dial-In User Service
(RADIUS) authentication, the RADIUS server delivers the authorization information to the device. You
can configure a port to ignore the authorization information from the RADIUS server.
Follow these steps to configure a port to ignore the authorization information from the RADIUS server:
To do...
Enter system view
Enter Ethernet port view
Ignore the authorization
information from the RADIUS
server
Configuring Security MAC Addresses
A port in autolearn mode performs MAC address learning and maintains a security MAC address
forwarding table. You can also manually configure security MAC address entries. By default, the
security MAC address entries will never be aged, one security MAC address can only be added to the
forwarding table of one port. This feature allows binding a security MAC address with a port in the same
VLAN.
After the security port is set to autolearn, the port changes its way of learning MAC addresses as
follows.
The port deletes original dynamic MAC addresses;
If the amount of security MAC address entries has not yet reach the maximum number, the port will
learn new MAC address entries and turn them to security MAC addresses;
If the amount of security MAC address entries reaches the maximum number, the port will not be
able to learn new MAC addresses and the port mode will be changed from autolearn to secure.
The security MAC addresses manually configured are written to the configuration file; they will not get
lost when the port is up or down. As long as the configuration file is saved, the security MAC addresses
can be restored after the switch reboots.
Configuring a security MAC address entry manually
Before configuring a security MAC address entry for a port manually, ensure that:
Port security is enabled.
The maximum number of security MAC addresses allowed on the port is set.
The security mode of the port is set to autolearn.
Follow these steps to configure a security MAC address entry manually:
Use the command...
system-view
interface interface-type
interface-number
port-security authorization
ignore
1-10
Remarks
—
—
Required
By default, a port uses the
authorization information from
the RADIUS server.