115
By default, sticky MAC addresses do not age out. Use the
port-security timer autolearn aging
command
to set an aging timer for sticky MAC addresses. When the timer expires, the sticky MAC addresses are
removed. This aging mechanism prevents the unauthorized use of a sticky MAC address when the
authorized user is offline, and it removes outdated secure MAC addresses so new secure MAC
addresses can be learned.
When the maximum number of secure MAC address entries is reached, the port changes to secure
mode, and no more secure MAC addresses can be added or learned. The port allows only frames
sourced from a secure MAC address or a MAC address configured with the
mac-address dynamic
or
mac-address static
command to pass through.
Configuration prerequisites
1.
Enable port security.
2.
Set port security’s limit on the number of MAC addresses on the port. Perform this task before you
enable autoLearn mode.
3.
Set the port security mode to autoLearn.
Configuration procedure
To configure a secure MAC address:
To do…
Use the command…
Remarks
1.
Enter system view.
system-view
—
2.
Set the sticky MAC aging
timer.
port-security timer autolearn aging
time-
value
Optional.
By default, sticky MAC
addresses do not age out,
and you can remove them
only by performing the
undo port-security mac-
address security
command, changing the
port security mode, or
disabling the port security
feature.
3.
Configure
a secure
MAC
address.
In system view
port-security
mac-address
security
[
sticky
]
mac-address
interface
interface-type
interface-number
vlan
vlan-id
Required.
Use either approach.
No secure MAC address
is configured by default.
In Layer 2
Ethernet
interface view
interface
interface-type
interface-number
port-security
mac-address
security
[
sticky
]
mac-address
vlan
vlan-id
Ignoring authorization information from the server
Authorization information is delivered by the RADIUS server to the device after an 802.1X user or MAC
authenticated user passes RADIUS authentication. You can configure a port to ignore the authorization
information from the RADIUS server.
To configure a port to ignore the authorization information from the RADIUS server:
Содержание A5830 Series
Страница 207: ...199 Figure 62 SFTP client interface ...