126
• Authentication—Implements MAC authentication, 802.1X authentication, or a combination of
the two authentication methods.
Upon receiving a frame, the port in a security mode searches the MAC address table for the source
MAC address. If a match is found, the port forwards the frame. If no match is found, the port learns
the MAC address or performs authentication, depending on the security mode. If the frame is illegal,
the port takes the pre-defined NTK, intrusion protection, or trapping action.
The maximum number of users a port supports equals the maximum number of MAC addresses that
port security allows or the maximum number of concurrent users the authentication mode in use
allows, whichever is smaller. For example, if 802.1X allows more concurrent users than port
security's limit on the number of MAC addresses on the port in userLoginSecureExt mode, port
security's limit takes effect.
Table 8 de
scribes the port security modes and the security features.
Table 8 Port security modes
Purpose Security mode
Features that can
be triggered
Turning off the port security
feature
noRestrictions (the default mode).
In this mode, port security is disabled on the port
and access to the port is not restricted.
N/A
Controlling MAC address
learning
autoLearn
NTK/intrusion
protection
secure
Performing 802.1X
authentication
userLogin N/A
userLoginSecure
NTK/intrusion
protection
userLoginSecureExt
userLoginWithOUI
Performing MAC authentication
macAddressWithRadius
NTK/intrusion
protection
Performing a combination of
MAC authentication and
802.1X authentication
Or
macAddressOrUserLoginSecure
NTK/intrusion
protection
macAddressOrUserLoginSecureExt
Else
macAddressElseUserLoginSecure
macAddressElseUserLoginSecureE
xt
TIP:
• userLogin specifies 802.1X authentication and port-based access control.
• macAddress specifies MAC authentication.
• Else specifies that the authentication method before Else is applied first. If the authentication
fails, whether to turn to the authentication method following Else depends on the protocol type o
the authentication request.
• Typically, in a security mode with Or, the authentication method to be used depends on the
protocol type of the authentication request. For wireless users, the network access device
always use 802.1X authentication first.
• userLogin with Secure specifies 802.1X authentication and MAC-based access control.
• Ext indicates allowing multiple 802.1X users to be authenticated and serviced at the same time.
A security mode without Ext allows only one user to pass 802.1X authentication.
To Next Page
Loading...
Need help?
General
