Configuring security mac addresses, Configuration prerequisites, Configuration procedure – H3C Technologies H3C WX3000 Series Unified Switches User Manual

Page 149: Configuring security MAC addresses


| To do… | Use the command… | Remarks |
|---|---|---|
| Ignore the authorization information from the RADIUS server | port-security authorization ignore | Required. By default, a port uses the authorization information from the RADIUS server. |

Configuring Security MAC Addresses

Security MAC addresses are special MAC addresses that never age out. Within a VLAN, a security MAC
address can be added to only one port, so you can use it to bind a MAC address to a single port in that
VLAN.

Security MAC addresses can be learned by the auto-learn function of port security or manually
configured.

Before adding security MAC addresses to a port, you must configure the port security mode to
autolearn. After this configuration, the port changes its way of learning MAC addresses as follows:

- The port deletes the original dynamic MAC addresses.
- If the number of security MAC addresses has not yet reached the maximum number, the port learns
  new MAC addresses and turns them into security MAC addresses.
- If the number of security MAC addresses reaches the maximum number, the port can no longer
  learn new MAC addresses, and the port mode changes from autolearn to secure.

Manually configured security MAC addresses are written to the configuration file and are not lost
when the port goes up or down. As long as the configuration file is saved, the security MAC addresses
can be restored after the device reboots.

Configuration prerequisites

- Port security is enabled.
- The maximum number of security MAC addresses allowed on the port is set.
- The security mode of the port is set to autolearn.

Configuration procedure

Follow these steps to configure a security MAC address:

| To do… | Use the command… | Remarks |
|---|---|---|
| Enter system view | system-view | |
| Add a security MAC address, in system view | mac-address security mac-address interface interface-type interface-number vlan vlan-id | Either is required. By default, no security MAC address is configured. |
| Add a security MAC address, in Ethernet port view | interface interface-type interface-number, then mac-address security mac-address vlan vlan-id | Either is required. By default, no security MAC address is configured. |
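The following is an added example, not part of the H3C manual: a Python check that reads a planned command script using the two command forms above and reports any security MAC address that would be added to more than one port in the same VLAN. The interface names, VLAN IDs and MAC addresses in the sample are constructed, and the script layout (an interface line followed by its port-view commands, with quit to leave the view) is an assumption.

```python
import re
from collections import defaultdict

# Constructed command script (not from the manual). Interface names, VLAN IDs
# and MAC addresses are hypothetical; the two command forms are the page's.
SAMPLE = """\
system-view
mac-address security 0001-0002-0003 interface GigabitEthernet 1/0/1 vlan 10
interface GigabitEthernet 1/0/2
 mac-address security 0001-0002-0003 vlan 10
 mac-address security 0001-0002-0003 vlan 20
 mac-address security 0001-0002-00AB vlan 10
quit
interface GigabitEthernet 1/0/3
 mac-address security 0001-0002-00ab vlan 10
"""

SYS_FORM = re.compile(r"^mac-address security (\S+) interface (.+) vlan (\d+)$")
PORT_FORM = re.compile(r"^mac-address security (\S+) vlan (\d+)$")

def norm_mac(text):
    """Reduce a MAC such as 0001-0002-00AB to 12 lowercase hex digits."""
    digits = re.sub(r"[^0-9A-Fa-f]", "", text).lower()
    if len(digits) != 12:
        raise ValueError(f"not a MAC address: {text!r}")
    return digits

def parse_bindings(script):
    """Map each (vlan, mac) pair to the set of ports it is added to."""
    bindings = defaultdict(set)
    port = None  # port whose view the script is currently in, if any
    for raw in script.splitlines():
        line = " ".join(raw.split())  # collapse indentation and spacing
        if line.startswith("interface "):
            port = line[len("interface "):].replace(" ", "")
        elif line == "quit":  # assumed: leaves the current view
            port = None
        elif m := SYS_FORM.match(line):
            bindings[int(m[3]), norm_mac(m[1])].add(m[2].replace(" ", ""))
        elif (m := PORT_FORM.match(line)) and port:
            bindings[int(m[2]), norm_mac(m[1])].add(port)
    return bindings

def find_conflicts(script):
    """Return the (vlan, mac) pairs added to more than one port."""
    return {k: sorted(p) for k, p in parse_bindings(script).items() if len(p) > 1}
```

In the sample, the address added in VLAN 20 is not reported because it is bound to only one port in that VLAN, while both VLAN 10 addresses are reported.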
