H3C Technologies H3C WX6000 Series Access Controllers User Manual

31-13

Table 31-4 Configuration items of security configuration of clear type wireless service

Item

Description

Authentication
Type

For the clear type wireless service, you can select Open-System only.

Port Mode

mac-authentication: Performs MAC address authentication on users.

mac-else-userlogin-secure: This mode is the combination of the mac-authentication and
userlogin-secure modes, with MAC authentication having a higher priority. Upon receiving
a non-802.1X frame, a port in this mode performs only MAC authentication; upon receiving
an 802.1X frame, the port performs MAC authentication and then, if MAC authentication
fails, 802.1X authentication.

mac-else-userlogin-secure-ext: This mode is similar to the mac-else-userlogin-secure
mode, except that it supports multiple 802.1X and MAC authentication users on the port.

userlogin-secure: In this mode, port-based 802.1X authentication is performed for users;
multiple 802.1X authenticated users can access the port, but only one user can be online.

userlogin-secure-or-mac: This mode is the combination of the userlogin-secure and
mac-authentication modes, with 802.1X authentication having a higher priority. For a
wireless user, 802.1X authentication is performed first. If 802.1X authentication fails, MAC
authentication is performed.

userlogin-secure-or-mac-ext: This mode is similar to the userlogin-secure-or-mac mode,
except that it supports multiple 802.1X and MAC authentication users on the port.

userlogin-secure-ext: In this mode, a port performs 802.1X authentication on users in
macbased mode and supports multiple 802.1X users.

There are multiple security modes. To remember them easily, follow these rules to understand
part of the port security mode names:

userLogin indicates port-based 802.1X authentication.

macAddress indicates MAC address authentication.

The authentication mode before Else is used preferentially. If the authentication fails, the
authentication after Else may be used depending on the protocol type of the packets to be
authenticated.

The authentication mode before Or and that after Or have the same priority. The device
determines the authentication mode according to the protocol type of the packets to be
authenticated. For wireless users, the 802.1X authentication mode is used preferentially.

userLogin together with Secure indicates MAC-based 802.1X authentication.

A security mode with Ext allows multiple 802.1X users to pass the authentication. A
security mode without Ext allows only one 802.1X user to pass the authentication.

Max User

Maximum number of users that can be connected to the network through a specific port.

1) Configuring

mac-authentication

Figure 31-14 mac-authentication port security configuration page