To do…

 

Use the command…

 

Remarks

 

Enter system view

 

system-view

 

 

 

 

 

 

 

 

 

 

port-security trap

 

 

 

Enable sending traps for the

 

{ addresslearned intrusion

 

Required

 

 

dot1xlogon dot1xlogoff

 

 

specified type of event

 

 

By default, no trap is sent.

 

 

dot1xlogfailure ralmlogon

 

 

 

 

ralmlogoff ralmlogfailure }

 

 

 

 

 

 

 

 

Ignoring the Authorization Information from the RADIUS Server

After an 802.1x user or MAC-authenticated user passes Remote Authentication Dial-In User Service (RADIUS) authentication, the RADIUS server delivers the authorization information to the device. You can configure a port to ignore the authorization information from the RADIUS server.

Follow these steps to configure a port to ignore the authorization information from the RADIUS server:

 

To do…

 

Use the command…

 

Remarks

 

Enter system view

 

system-view

 

 

 

 

 

 

 

 

Enter Ethernet port view

 

interface interface-type

 

 

 

interface-number

 

 

 

 

 

 

 

 

 

 

 

 

 

Ignore the authorization

 

 

 

Required

 

 

port-security authorization

 

By default, a port uses the

 

information from the RADIUS

 

 

 

 

ignore

 

authorization information from

 

server

 

 

 

 

 

 

the RADIUS server.

 

 

 

 

 

 

 

 

 

 

 

Configuring Security MAC Addresses

Security MAC addresses are special MAC addresses that never age out. One security MAC address can be added to only one port in the same VLAN so that you can bind a MAC address to one port in the same VLAN.

Security MAC addresses can be learned by the auto-learn function of port security or manually configured.

Before adding security MAC addresses to a port, you must configure the port security mode to autolearn. After this configuration, the port changes its way of learning MAC addresses as follows.

z

z

z

The port deletes original dynamic MAC addresses;

If the amount of security MAC addresses has not yet reach the maximum number, the port will learn new MAC addresses and turn them to security MAC addresses;

If the amount of security MAC addresses reaches the maximum number, the port will not be able to learn new MAC addresses and the port mode will be changed from autolearn to secure.

1-8

Page 145
Image 145
3Com WX3000 operation manual Configuring Security MAC Addresses