1-8
To do… Use the command… Remarks
Enter system view
system-view
—
Enable sending traps for the
specified type of event
port-security trap
{ addresslearned | intrusion |
dot1xlogon | dot1xlogoff |
dot1xlogfailure | ralmlogon |
ralmlogoff | ralmlogfailure }
Required
By default, no trap is sent.
Ignoring the Authorization Information from the RADIUS Server
After an 802.1x user or MAC-authenticated user passes Remote Authentication Dial-In User Service
(RADIUS) authentication, the RADIUS server delivers the authorization information to the device. You
can configure a port to ignore the authorization information from the RADIUS server.
Follow these steps to configure a port to ignore the authorization information from the RADIUS server:
To do… Use the command… Remarks
Enter system view
system-view
—
Enter Ethernet port view
interface interface-type
interface-number
—
Ignore the authorization
information from the RADIUS
server
port-security authorization
ignore
Required
By default, a port uses the
authorization information from
the RADIUS server.
Configuring Security MAC Addresses
Security MAC addresses are special MAC addresses that never age out. One security MAC address
can be added to only one port in the same VLAN so that you can bind a MAC address to one port in the
same VLAN.
Security MAC addresses can be learned by the auto-learn function of port security or manually
configured.
Before adding security MAC addresses to a port, you must configure the port security mode to
autolearn. After this configuration, the port changes its way of learning MAC addresses as follows.
z The port deletes original dynamic MAC addresses;
z If the amount of security MAC addresses has not yet reach the maximum number, the port will
learn new MAC addresses and turn them to security MAC addresses;
z If the amount of security MAC addresses reaches the maximum number, the port will not be able to
learn new MAC addresses and the port mode will be changed from autolearn to secure.
