R3303-HP HSR6800 Routers Security Command Reference

Keyword  Security mode  Description
mac-else-userlogin-secure-ext macAddressElseUserLoginSecureExt
Similar to the macAddressElseUserLoginSecure mode
except that a port in this mode supports multiple 802.1X
and MAC authentication users.
secure secure
In this mode, MAC address learning is disabled on the port
and you can configure MAC addresses by using the
mac-address static and mac-address dynamic commands.
The port permits only frames sourced from secure MAC
addresses and MAC addresses you manually configured
by using the mac-address static and mac-address dynamic
commands.
userlogin userLogin
In this mode, a port performs 802.1X authentication and
implements port-based access control.
If one 802.1X user passes authentication, all the other
802.1X users of the port can access the network without
authentication.
userlogin-secure userLoginSecure
In this mode, a port performs 802.1X authentication and
implements MAC-based access control. It services only
one user passing 802.1X authentication.
userlogin-secure-ext userLoginSecureExt
Similar to the userLoginSecure mode except that this mode
supports multiple online 802.1X users.
userlogin-secure-or-mac macAddressOrUserLoginSecure
This mode is the combination of the userLoginSecure and
macAddressWithRadius modes. The port performs MAC
authentication 30 seconds after receiving non-802.1X
frames and performs 802.1X authentication upon
receiving 802.1X frames.
userlogin-secure-or-mac-ext macAddressOrUserLoginSecureExt
Similar to the macAddressOrUserLoginSecure mode
except that a port in this mode supports multiple 802.1X
and MAC authentication users.
userlogin-withoui userLoginWithOUI
Similar to the userLoginSecure mode. In addition, a port in
this mode also permits frames from a user whose MAC
address contains a specific OUI (organizationally unique
identifier). The port performs 802.1X authentication upon
receiving 802.1X frames, and performs an OUI check upon
receiving non-802.1X frames.
Usage guidelines
To change the security mode of a port that has port security enabled, you must first set the port to
noRestrictions mode. You cannot change the port security mode while the port has online users.
IMPORTANT:
If you are configuring the autoLearn mode, first set port security's limit on the number of MAC addresses
by using the port-security max-mac-count command. You cannot change the setting when the port is
operating in autoLearn mode.
When port security is enabled, you cannot manually enable 802.1X or MAC authentication, or change
the access control mode or port authorization state. Port security automatically modifies these
settings according to the security mode.
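
The following sequence is an added illustration of the ordering rules above, not an example from the original manual. It assumes the port-security port-mode command that these keywords belong to; the device name Sysname, the interface GigabitEthernet 3/1/1, and the limit of 64 are constructed placeholders.

```text
# Constructed example: move a port from its current security mode to autoLearn.
# Precondition: port security is enabled and the port has no online users.
<Sysname> system-view
[Sysname] interface gigabitethernet 3/1/1
# Return the port to noRestrictions mode before selecting a different mode.
[Sysname-GigabitEthernet3/1/1] undo port-security port-mode
# Set the MAC address limit first; it cannot be changed once autoLearn is active.
[Sysname-GigabitEthernet3/1/1] port-security max-mac-count 64
# Select the new security mode.
[Sysname-GigabitEthernet3/1/1] port-security port-mode autolearn
```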