Ignoring The Authorization Information From The Radius Server; Configuring Secure Mac Addresses - H3C S5600 Series Operation Manual

To change the security mode from macAddressOrUserLoginSecure mode of a port
that is assigned to a guest VLAN, execute the undo port-security guest-vlan
command first to remove the guest VLAN configuration.
For a port configured with both the port-security guest-vlan and port-security
intrusion-mode disableport commands, when authentication of a user fails, only the
intrusion detection feature is triggered. The port is not added to the specified guest
VLAN.
It is not recommended to configure the port-security guest-vlan and port-security
intrusion-mode blockmac commands simultaneously for a port. Because when the
authentication of a user fails, the blocking MAC address feature will be triggered and
packets of the user will be dropped, making the user unable to access the guest VLAN.

Ignoring the Authorization Information from the RADIUS Server

After an 802.1X user or MAC-authenticated user passes Remote Authentication Dial-In
User Service (RADIUS) authentication, the RADIUS server delivers the authorization
information to the device. You can configure a port to ignore the authorization information
from the RADIUS server.
Follow these steps to configure a port to ignore the authorization information from the
RADIUS server:
To do...
Enter system view
Enter Ethernet port view
Ignore the authorization
information from the RADIUS
server

Configuring Secure MAC Addresses

In autoLearn mode, a port can learn MAC addresses. These dynamically learned MAC
addresses are secure MAC addresses. You can also configure secure MAC addresses by
using the mac-address security command. A secure MAC addresses never ages out by
default. .One MAC address can only be added to the table of one port as a secure MAC
address. This feature allows binding a secure MAC address to one port in the same VLAN.
After the security port is set to autoLearn, the port changes its way of learning MAC
addresses as follows.
The port deletes original dynamic MAC addresses.
If the amount of secure MAC address entries has not yet reach the maximum number,
the port will learn new MAC addresses and save them as secure MAC addresses.
If the amount of secure MAC address entries reaches the maximum number, the port
will not be able to learn new MAC addresses and the port mode will be changed from
autoLearn to secure.
Use the command...
system-view
interface interface-type
interface-number
port-security authorization
ignore
1-15
Remarks
—
—
Required
By default, a port uses the
authorization information from
the RADIUS server.