Port Security Overview 123
userLoginSecure MAC-based 802.1x
authentication is performed on
the access user. The port is
enabled only after the
authentication succeeds. When
the port is enabled, only the
packets of the successfully
authenticated user can pass
through the port.
In this mode, only one
802.1x-authenticated user is
allowed to access the port.
When the port changes from the
noRestriction mode to this
security mode, the system
automatically removes the
existing dynamic MAC address
entries and authenticated MAC
address entries on the port.
In any of these modes, the
device triggers the NTK and
Intrusion Protection features
upon detecting an illegal
packet or illegal event.
userLoginSecureExt This mode is similar to the
userLoginSecure mode, except
that there can be more than one
802.1x-authenticated user on the
port.
userLoginWithOUI This mode is similar to the
userLoginSecure mode, except
that, besides the packets of the
single 802.1x-authenticated user,
the packets whose source MAC
addresses have a particular OUI
are also allowed to pass through
the port.
When the port changes from the
normal mode to this security
mode, the system automatically
removes the existing
dynamic/authenticated MAC
address entries on the port.
macAddressWithRadius In this mode, MAC address-based
authentication is performed for
access users.
macAddressOrUserLogi
nSecure
IIn this mode, a port performs
MAC authentication or 802.1x
authentication of an access user.
If either authentication succeeds,
the user is authenticated.
In this mode, there can be only
one authenticated user on the
port.
macAddressOrUserLogi
nSecureExt
This mode is similar to the
macAddressOrUserLoginSecur
e mode, except that there can be
more than one authenticated user
on the port.
Table 77 Description of port security modes
Security mode Description Feature
To Next Page
Loading...
