R211x-HP Flexfabric 11900 Security Configuration Guide

Configure the port to permit packets of the specified VLAN to pass or add the port to the VLAN.
Make sure the VLAN already exists.
Configuration procedure
To configure a secure MAC address:
1. Enter system view.
   Command: system-view
   Remarks: N/A
2. (Optional.) Set the secure MAC aging timer.
   Command: port-security timer autolearn aging time-value
   Remarks: By default, secure MAC addresses do not age out.
3. Configure a secure MAC address.
   Command:
   In system view:
     port-security mac-address security [ sticky ] mac-address interface interface-type interface-number vlan vlan-id
   In Layer 2 Ethernet interface view:
     a. interface interface-type interface-number
     b. port-security mac-address security [ sticky ] mac-address vlan vlan-id
   Remarks: Use either method. No secure MAC address exists by default. In the same VLAN, a MAC address cannot be specified as both a static secure MAC address and a sticky MAC address.
Ignoring authorization information from the server
You can configure a port to ignore the authorization information received from the server (a RADIUS
server or the local device) after an 802.1X user or MAC authentication user passes authentication.
To configure a port to ignore authorization information from the server:
1. Enter system view.
   Command: system-view
   Remarks: N/A
2. Enter Layer 2 Ethernet interface view.
   Command: interface interface-type interface-number
   Remarks: N/A
3. Ignore the authorization information received from the authentication server.
   Command: port-security authorization ignore
   Remarks: By default, a port uses the authorization information received from the authentication server.
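The following is an added example, not part of the HP guide: a pre-deployment check over a planned configuration that reports any MAC address defined as both static secure and sticky in the same VLAN (the restriction in the secure MAC procedure above) and lists the ports set to ignore server authorization. The sample configuration, interface names and MAC addresses are constructed, and the script assumes each command appears on its own line in the syntax shown on this page.

```python
import re
from collections import defaultdict

# Constructed sample in the command syntax shown on this page (not device output).
SAMPLE_CONFIG = """\
interface Ten-GigabitEthernet1/0/1
 port-security mac-address security 0001-0002-0003 vlan 10
 port-security mac-address security sticky 0001-0002-0004 vlan 20
interface Ten-GigabitEthernet1/0/2
 port-security authorization ignore
 port-security mac-address security sticky 0001-0002-0003 vlan 10
 port-security mac-address security 0001-0002-0004 vlan 30
"""

# Matches both the interface-view form and the system-view form
# (which carries "interface <type> <number>" before "vlan").
SECURE_MAC = re.compile(
    r"^port-security mac-address security (sticky )?"
    r"([0-9a-f]{1,4}-[0-9a-f]{1,4}-[0-9a-f]{1,4}) "
    r"(?:interface .+ )?vlan (\d+)$", re.I)


def audit(config_text):
    """Return (conflicts, ignore_ports) for a planned configuration.

    conflicts: sorted (vlan, mac) pairs defined as both static and sticky.
    ignore_ports: interfaces carrying 'port-security authorization ignore'.
    """
    kinds = defaultdict(set)  # (vlan, mac) -> {"static", "sticky"}
    ignore_ports = []
    port = None  # interface block currently being read
    for raw in config_text.splitlines():
        line = raw.strip()
        if line.startswith("interface "):
            port = line.split(None, 1)[1]
        elif line == "port-security authorization ignore":
            ignore_ports.append(port)
        else:
            m = SECURE_MAC.match(line)
            if m:
                kind = "sticky" if m.group(1) else "static"
                kinds[(int(m.group(3)), m.group(2).lower())].add(kind)
    conflicts = sorted(key for key, seen in kinds.items() if len(seen) == 2)
    return conflicts, ignore_ports


if __name__ == "__main__":
    print(audit(SAMPLE_CONFIG))
```

The same MAC address in two different VLANs (0001-0002-0004 in the sample) is not reported, because the restriction applies within one VLAN.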
Enabling MAC move
MAC move allows 802.1X or MAC authenticated users to move between ports on a device. For example,
if an authenticated 802.1X user moves to another 802.1X-enabled port on the device, the authentication
session is deleted from the first port and the user is re-authenticated on the new port.
If MAC move is disabled and an 802.1X authenticated user moves to another port, it is not
re-authenticated.