3com S7906E Instruccion De Instalación
1-10
Configuring Secure MAC Addresses
Secure MAC addresses are special MAC addresses. They never age out or get lost if saved before the
device restarts. One secure MAC address can be added to only one port in the same VLAN. Thus, you
can bind a MAC address to one port in the same VLAN.
Secure MAC addresses can be:
z
Learned by a port working in autoLearn mode.
z
Manually configured through the command line interface (CLI) or management information base
(MIB).
When the maximum number of secure MAC addresses is reached, no more can be added. The port
allows only packets with the source MAC address being a secure MAC address.
Configuration Prerequisites
z
Enable port security
z
Set the maximum number of secure MAC addresses allowed on the port
z
Set the port security mode to autoLearn
Configuration Procedure
Follow these steps to configure a secure MAC address:
To do…
Use the command…
Remarks
Enter system view
system-view
—
In system
view
view
port-security mac-address
security mac-address interface
interface-type interface-number
vlan vlan-id
security mac-address interface
interface-type interface-number
vlan vlan-id
interface interface-type
interface-number
interface-number
Configure a
secure MAC
address
secure MAC
address
In interface
view
view
port-security mac-address
security mac-address vlan
vlan-id
security mac-address vlan
vlan-id
Required
Use either approach
No secure MAC address is
configured by default.
configured by default.
The configured secure MAC addresses are saved in the configuration file and will not get lost when the
port goes up or goes down. After you save the configuration file, the secure MAC address saved in the
configuration file are maintained even after the device restarts.
Ignoring Authorization Information from the Server
After an 802.1X user or MAC authenticated user passes RADIUS authentication, the RADIUS server
delivers the authorization information to the device. You can configure a port to ignore the authorization
information from the RADIUS server.
Follow these steps to configure a port to ignore the authorization information from the RADIUS server: