R3303-HP HSR6800 Routers Security Configuration Guide
174
Ste
p
Command
Remarks
2. Set the secure MAC
aging timer.
port-security timer autolearn aging
time-value
Optional.
By default, secure MAC addresses
do note age out, and you can
remove them only by performing
the undo port-security
mac-address security command,
changing the port security mode,
or disabling the port security
feature.
3. Configure a secure
MAC address.
• In system view:
port-security mac-address security
[sticky] mac-address interface
interface-type interface-number vlan
vlan-id
• In Layer 2 Ethernet interface view:
a. interface interface-type
interface-number
b. port-security mac-address
security [ sticky ] mac-address
vlan vlan-id
c. quit
Use either method.
No secure MAC address exists by
default.
4. Enter Layer 2 Ethernet
interface view.
interface interface-type interface-number
N/A
5. Enable inactivity
aging.
port-security mac-address aging-type
inactivity
Optional.
By default, the inactivity aging
function is disabled.
6. Enable the dynamic
secure MAC function.
port-security mac-address dynamic
Optional.
By default, sticky MAC addresses
can be saved to the configuration
file, and once saved, can survive a
device reboot.
Ignoring authorization information from the server
Perform this task to configure a port to ignore the authorization information received from the server (an
RADIUS server or the local device) after an 802.1X user or MAC authentication user passes
authentication.
To configure a port to ignore authorization information from the server:
Ste
p
Command
Remarks
1. Enter system view.
system-view N/A
2. Enter interface view.
interface interface-type
interface-number
N/A
3. Ignore the authorization
information received from the
authentication server.
port-security authorization ignore
By default, a port uses the
authorization information received
from the authentication server.