127
Controlling MAC address learning
• autoLearn
A port in this mode can learn MAC addresses, and allows frames from learned or configured
MAC addresses to pass. The automatically learned MAC addresses are secure MAC
addresses. You can also configure secure MAC addresses by using the port-security
mac-address security command. A secure MAC address never ages out by default.
When the number of secure MAC addresses reaches the upper limit, the port transitions to
secure mode.
The dynamic MAC address learning function in MAC address management is disabled on ports
operating in autoLearn mode, but you can configure MAC addresses by using the
mac-address dynamic and mac-address static commands.
• secure
MAC address learning is disabled on a port in secure mode. You configure MAC addresses by
using the mac-address static and mac-address dynamic commands. For more information
about configuring MAC address table entries, see HPE FlexNetwork MSR Router Series
Comware 5 Layer 2—LAN Switching Configuration Guide.
A port in secure mode allows only frames sourced from secure MAC addresses and manually
configured MAC addresses to pass.
Performing 802.1X authentication
• userLogin
A port in this mode performs 802.1X authentication and implements port-based access control.
The port can service multiple 802.1X users. Once an 802.1X user passes authentication on the
port, any subsequent 802.1X users can access the network through the port without
authentication.
• userLoginSecure
A port in this mode performs 802.1X authentication and implements MAC-based access control.
The port services only one user passing 802.1X authentication.
• userLoginSecureExt
This mode is similar to the userLoginSecure mode except that this mode supports multiple
online 802.1X users.
• userLoginWithOUI
This mode is similar to the userLoginSecure mode. The difference is that a port in this mode
also permits frames from one user whose MAC address contains a specific OUI.
{ For wired users, the port performs 802.1X authentication upon receiving 802.1X frames,
and performs OUI check upon receiving non-802.1X frames.
{ For wireless users, the port performs OUI check at first. If the OUI check fails, the port
performs 802.1X authentication.
NOTE:
An OUI is a 24-bit number that uniquely identifies a vendor, manufacturer, or organization. In
MAC addresses, the first three octets are the OUI.
Performing MAC authentication
macAddressWithRadius: A port in this mode performs MAC authentication and services multiple
users.
Performing a combination of MAC authentication and 802.1X authentication
• macAddressOrUserLoginSecure
This mode is the combination of the macAddressWithRadius and userLoginSecure modes.
To Next Page
Loading...
Need help?
General
