124 CHAPTER 12: PORT SECURITY CONFIGURATION
n
■ When the port operates in the userlogin-withoui mode, Intrusion Protection
will not be triggered even if the OUI address does not match.
■ In the macAddressElseUserLoginSecure or
macAddressElseUserLoginSecureExt security mode, the MAC address of a
user failing MAC authentication is set as a quiet MAC address. If the user
initiates 802.1x authentication during the quiet period, the switch does not
authenticate the user.
Port Security
Configuration
macAddressElseUserLo
ginSecure
MAC authentication is performed
first on the access user. If the
MAC authentication succeeds,
the access user has the
accessibility; otherwise, 802.1x
authentication is performed on
the access user.
In this mode, there can be only
one authenticated user on the
port.
macAddressElseUserLo
ginSecureExt
This mode is similar to the
macAddressElseUserLoginSecu
re mode, except that there can be
more than one authenticated user
on the port.
macAddressAndUserLo
ginSecure
To perform 802.1x authentication
on the access user, MAC
authentication must be
performed first. 802.1x
authentication can be performed
on the access user only if MAC
authentication succeeds.
In this mode there can be only
one authenticated user on the
port.
macAddressAndUserLo
ginSecureExt
This mode is similar to the
macAddressAndUserLoginSec
ure mode, except that there can
be more than one authenticated
user on the port.
Table 77 Description of port security modes
Security mode Description Feature
Tabl e 78 Port security configuration tasks
Task Remarks
“Enabling Port Security” Required
“Setting the Maximum Number of MAC Addresses
Allowed on a Port”
Optional
“Setting the Port Security Mode” Required
“Configuring
Port Security
Features”
“Configuring the NTK feature” Optional
Choose one or more features as
required.
“Configuring intrusion protection”
“Configuring the Trap feature”
“Ignoring the Authorization Information from the
RADIUS Server”
Optional
To Next Page
Loading...
