126 CHAPTER 12: PORT SECURITY CONFIGURATION
n
■ Assume that, in the macAddressOrUserLoginSecureExt port security mode,
you have configured to allow up to n authenticated users to access the
network. When all of these n authenticated users are connected to the
network and one or more of them are MAC-authenticated, to perform 802.1x
authentication on the MAC-authenticated user(s), the number of maximum
MAC addresses allowed on the port must be set to n + 1. Similarly, in the case
of the macAddressOrUserLoginSecure security mode, the maximum number
of MAC addresses allowed on the port must be set to 2.
■ In the macAddressAndUserLoginSecureExt port security mode, to allow up
to n authenticated users to be connected to the network at the same time and
the nth user to be 802.1x-authenticated, the maximum number of MAC
addresses allowed on the port must be set to at least n + 1. Similarly, in the
case of the macAddressAndUserLoginSecure security mode, the maximum
number of MAC addresses allowed on the port must be set to 2.
Setting the Port Security
Mode
n
■ Before setting the port security mode to autolearn, you need to set the
maximum number of MAC addresses allowed on the port with the
port-security max-mac-count command.
■ When the port operates in the autoLearn mode, you cannot change the
maximum number of MAC addresses allowed on the port.
Set the maximum number of
MAC addresses allowed on
the port
port-security
max-mac-count count-value
Required
Not limited by default
Table 80 Set the maximum number of MAC addresses allowed on a port
Operation Command Remarks
Tabl e 81 Set the port security mode
Operation Command Remarks
Enter system view system-view -
Set the OUI value for user
authentication
port-security oui OUI-value
index index-value
Optional
In userLoginWithOUI mode,
a port supports one 802.1x
user plus one user whose
source MAC address has a
specified OUI value.
Enter Ethernet port view interface interface-type
interface-number
-
Set the port security mode port-security port-mode {
autolearn |
mac-and-userlogin-secure |
mac-and-userlogin-secure-
ext | mac-authentication |
mac-else-userlogin-secure |
mac-else-userlogin-secure-
ext | secure | userlogin |
userlogin-secure |
userlogin-secure-ext |
userlogin-secure-or-mac |
userlogin-secure-or-mac-ex
t | userlogin-withoui }
Required
By default, a port operates in
noRestriction mode. In this
mode, access to the port is
not restricted.
You can set a port security
mode as needed.
To Next Page
Loading...
