Configuration guidelines, Configuration procedure, Ignoring authorization information from the server – H3C Technologies H3C S12500-X Series Switches User Manual
Page 109: Enabling mac move
97
•
Configure the port to permit packets of the specified VLAN to pass or add the port to the VLAN.
Make sure the VLAN already exists.
208B
Configuration procedure
To configure a secure MAC address:
Step Command
Remarks
1.
Enter system view.
system-view
N/A
2.
(Optional.) Set the
secure MAC aging
timer.
port-security timer autolearn aging
time-value
By default, secure MAC addresses
do not age out.
3.
Configure a secure
MAC address.
•
In system view:
port-security mac-address security
[sticky] mac-address interface
interface-type interface-number vlan
vlan-id
•
In interface view:
a.
interface interface-type
interface-number
b.
port-security mac-address
security [ sticky ] mac-address
vlan vlan-id
Use either method.
No secure MAC address exists by
default.
In the same VLAN, a MAC address
cannot be specified as both a static
secure MAC address and a sticky
MAC address.
70B
Ignoring authorization information from the server
You can configure a port to ignore the authorization information received from the server (an RADIUS
server or the local device) after an 802.1X user or MAC authentication user passes authentication.
To configure a port to ignore authorization information from the server:
Step Command
Remarks
1.
Enter system view.
system-view
N/A
2.
Enter interface view.
interface interface-type
interface-number
N/A
3.
Ignore the authorization
information received from the
authentication server.
port-security authorization ignore
By default, a port uses the
authorization information received
from the authentication server.
71B
Enabling MAC move
MAC move allows 802.1X or MAC authenticated users to move between ports on a device. For example,
if an authenticated 802.1X user moves to another 802.1X-enabled port on the device, the authentication
session is deleted from the first port and the user is re-authenticated on the new port.
If MAC move is disabled and an 802.1X authenticated user moves to another port, it is not
re-authenticated.