128
{ For wired users, the port performs MAC authentication 30 seconds after receiving
non-802.1X frames and performs 802.1X authentication upon receiving 802.1X frames.
{ For wireless users, the port performs 802.1X authentication first. If 802.1X authentication
fails, MAC authentication is performed.
• macAddressOrUserLoginSecureExt
This mode is similar to the macAddressOrUserLoginSecure mode except that this mode
supports multiple 802.1X and MAC authentication users.
• macAddressElseUserLoginSecure
This mode is the combination of the macAddressWithRadius and userLoginSecure modes, with
MAC authentication having a higher priority as the Else keyword implies.
{ For wired users, the port performs MAC authentication 30 seconds after receiving
non-802.1X frames.
{ For wireless users, the port performs MAC authentication upon receiving non-802.1X
frames. Upon receiving 802.1X frames, the port performs MAC authentication, and if the
MAC authentication fails, it performs 802.1X authentication.
• macAddressElseUserLoginSecureExt
This mode is similar to the macAddressElseUserLoginSecure mode except that this mode
supports multiple 802.1X and MAC authentication users as the keyword Ext implies.
Support for WLAN
CAUTION:
Do not configure static MAC address entries for wireless users that use the 802.1X or MAC
authentication service. If the source MAC address and the VLAN of a wireless user match a static
MAC address entry in the MAC address table, the user cannot pass 802.1X authentication or MAC
authentication.
Table 9 describes the port security modes that apply only to WLAN ports. These port security modes
implements wireless access security at the link layer.
Table 9 Port security modes for WLAN ports
Security mode Description
Features that can be
triggered
presharedKey
A user must use a pre-configured static key, also called
"the pre-shared key (PSK)," to negotiate the session key
with the device and can access the network only after the
negotiation succeeds.
NTK/intrusion protection
macAddressAnd
PresharedKey
A user must pass MAC authentication and then use the
pre-configured PSK to negotiate with the device. Only
when the negotiation succeeds, can the user access the
network.
userLoginSecure
ExtOrPreshared
Key
A user interacts with the device, choosing the
UserLoginSecure mode or using the PSK to negotiate
with the device.
PSK users refer to users that have passed authentication in presharedKey mode. The maximum
number of PSK users on a port varies with security modes.
• presharedKey mode—The maximum number of PSK users on the port is the port specification
limit on the number of wireless users or port security's limit on the number of MAC addresses,
whichever is smaller. The actual maximum number of PSK users on the port also depends on
the total number of PSK users that the system can support.
To Next Page
Loading...
Need help?
General
