H3C Technologies H3C S3100 Series Switches User Manual

Page 174

Advertising
background image

1-3

Security mode

Description

Feature

userLoginSecure

MAC-based 802.1x authentication is
performed on the access user. The port is
enabled only after the authentication
succeeds. When the port is enabled, only the
packets of the successfully authenticated user
can pass through the port.

In this mode, only one 802.1x-authenticated
user is allowed to access the port.

When the port changes from the
noRestriction mode to this security mode, the
system automatically removes the existing
dynamic MAC address entries and
authenticated MAC address entries on the
port.

userLoginSecureExt

This mode is similar to the userLoginSecure
mode, except that there can be more than one
802.1x-authenticated user on the port.

userLoginWithOUI

This mode is similar to the userLoginSecure
mode, except that, besides the packets of the
single 802.1x-authenticated user, the packets
whose source MAC addresses have a
particular OUI are also allowed to pass
through the port.

When the port changes from the normal mode
to this security mode, the system
automatically removes the existing
dynamic/authenticated MAC address entries
on the port.

macAddressWithRa
dius

In this mode, MAC address–based
authentication is performed for access users.

macAddressOrUser
LoginSecure

In this mode, both MAC authentication and
802.1x authentication can be performed, but
802.1x authentication has a higher priority.

802.1x authentication can still be performed
on an access user who has passed MAC
authentication.

No MAC authentication is performed on an
access user who has passed 802.1x
authentication.

In this mode, there can be only one
802.1x-authenticated user on the port, but
there can be several MAC-authenticated
users.

macAddressOrUser
LoginSecureExt

This mode is similar to the
macAddressOrUserLoginSecure mode,
except that there can be more than one
802.1x-authenticated user on the port. .

macAddressElseUs
erLoginSecure

In this mode, a port performs MAC
authentication or 802.1x authentication of an
access user. If either authentication succeeds,
the user is authenticated.

In this mode, there can be only one
802.1x-authenticated user on the port, but
there can be several MAC-authenticated
users.

In any of these modes, the
device triggers the NTK
and Intrusion Protection
features upon detecting
an illegal packet or illegal
event.

Advertising
Popular Brands
Popular manuals