Port security configuration task list – H3C Technologies H3C S3100 Series Switches User Manual
Page 175
1-4
Security mode
Description
Feature
macAddressElseUs
erLoginSecureExt
This mode is similar to the
macAddressElseUserLoginSecure mode,
except that there can be more than one
802.1x-authenticated user on the port.
macAddressAndUs
erLoginSecure
In this mode, a port firstly performs MAC
authentication for a user and then performs
802.1x authentication for the user if the user
passes MAC authentication. The user can
access the network after passing the two
authentications.
In this mode, up to one user can access the
network.
macAddressAndUs
erLoginSecureExt
This mode is similar to the
macAddressAndUserLoginSecure mode,
except that more than one user can access
the network.
z
When the port operates in the userlogin-withoui mode, Intrusion Protection will not be triggered
even if the OUI address does not match.
z
In the macAddressElseUserLoginSecure or macAddressElseUserLoginSecureExt security mode,
the MAC address of a user failing MAC authentication is set as a quiet MAC address. If the user
initiates 802.1x authentication during the quiet period, the switch does not authenticate the user.
z
A port with port security configured permits all ordinary Layer 2 packets to be forwarded whose
source MAC addresses are dynamic ones configured on the port.
Port Security Configuration Task List
Complete the following tasks to configure port security:
Task
Remarks
Required
Setting the Maximum Number of MAC Addresses Allowed on a Port
Optional
Setting the Port Security Mode
Required
Configuring intrusion protection
Configuring Port Security
Features
Optional
Choose one or more features
as required.
Configuring Guest VLAN for a Port in
macAddressOrUserLoginSecure mode
Optional
Ignoring the Authorization Information from the RADIUS Server
Optional
Configuring Security MAC Addresses
Optional