EasyManuals Logo
Home>HPE>Network Router>FlexNetwork MSR Series

HPE FlexNetwork MSR Series Comware 5 Security Configuration Guide

HPE FlexNetwork MSR Series
547 pages
To Next Page IconTo Next Page
To Next Page IconTo Next Page
To Previous Page IconTo Previous Page
To Previous Page IconTo Previous Page
Page #142 background imageLoading...
Page #142 background image
129
• macAddressAndPresharedKey mode—The maximum number of PSK users on the port is
the MAC authentication feature's limit on the number of concurrent users or port security's limit
on the number of MAC addresses, whichever is smaller. The actual maximum number of PSK
users on the port also depends on the total number of PSK users that the system can support.
• userLoginSecureExtOrPresharedKey mode—The number of PSK users on the port cannot
exceed the port limit on the number of wireless users, the number of 802.1X users cannot
exceed the 802.1X feature's limit on the number of concurrent users, and the total number of
PSK and 802.1X users cannot exceed port security's limit on the number of MAC addresses on
the port. The maximum number of PSK or 802.1X users also depends on the system
specification.
Working with guest VLAN and Auth-Fail VLAN
An 802.1X guest VLAN is the VLAN that a user is in before initiating authentication.
An 802.1X Auth-Fail VLAN is the VLAN that a user is in after failing authentication.
You can use the 802.1X guest VLAN and 802.1X Auth-Fail VLAN features together with port security
modes that support 802.1X authentication. For more information about the 802.1X guest VLAN and
Auth-Fail VLAN on a port that performs MAC-based access control, see "Configuring 802.1X."
Configuration task list
Task Remarks
Enabling port security
Required.
Setting port security's limit on the number of MAC addresses on a port
Optional.
Setting the port security mode
Required.
Configuring port security features
:
• Configuring NTK
• Configuring intrusion protection
• Enabling port security traps
Optional.
Confi
gure one or more
features as required.
Configuring secure MAC addresses
Optional.
Configuring port security for WLAN ports
:
• Setting the port security mode of a WLAN port
• Enabling key negotiation
• Configuring a PSK
Req
uired for WLAN
ports.
Ignoring authorization information from the server
Optional.
Enabling port security
When port security is enabled, you cannot manually enable 802.1X or MAC authentication, or
change the access control mode or port authorization state. The port security automatically modifies
these settings in different security modes.
Before you enable port security, disable 802.1X and MAC authentication globally.
To enable port security:

Table of Contents

Other manuals for HPE FlexNetwork MSR Series

Preview: Configuration Guide
Configuration Guide861 pages
Preview: Comware 7 Layer 3 - Ip Services Configuration Guides
Comware 7 Layer 3 - Ip Services Configuration Guides554 pages
Preview: Guide
Guide213 pages
Preview: Command Reference
Command Reference120 pages
Preview: Comware 5 Layer 2 - Wan Access Configuration Guide
Comware 5 Layer 2 - Wan Access Configuration Guide420 pages

Questions and Answers:

Question and Answer IconNeed help?

Do you have a question about the HPE FlexNetwork MSR Series and is the answer not in the manual?

HPE FlexNetwork MSR Series Specifications

General IconGeneral
BrandHPE
ModelFlexNetwork MSR Series
CategoryNetwork Router
LanguageEnglish

Related product manuals