R3303-HP HSR6800 Routers Security Configuration Guide
168
Performing MAC authentication
macAddressWithRadius: A port in this mode performs MAC authentication and services multiple users.
Performing a combination of MAC authentication and 802.1X authentication
• macAddressOrUserLoginSecure
This mode is the combination of the macAddressWithRadius and userLoginSecure modes. The port
performs MAC authentication 30 seconds after receiving non-802.1X frames and performs
802.1X authentication upon receiving 802.1X frames.
• macAddressOrUserLoginSecureExt
This mode is similar to the macAddressOrUserLoginSecure mode except that this mode supports
multiple 802.1X and MAC authentication users.
• macAddressElseUserLoginSecure
This mode is the combination of the macAddressWithRadius and userLoginSecure modes, with
MAC authentication having a higher priority as the Else keyword implies. The port performs MAC
authentication 30 seconds after receiving non-802.1X frames.
• macAddressElseUserLoginSecureExt
This mode is similar to the macAddressElseUserLoginSecure mode except that this mode supports
multiple 802.1X and MAC authentication users as the keyword Ext implies.
NOTE:
A
n OUI, as defined by the IEEE, is the first 24 bits of the MAC address, which uniquely identifies a device
v
endor.
Working with guest VLAN and Auth-Fail VLAN
An 802.1X guest VLAN is the VLAN that a user is in before initiating authentication.
An 802.1X Auth-Fail VLAN is the VLAN that a user is in after failing authentication.
For more information about 802.1X guest VLAN and Auth-Fail VLAN, see "Configuring 802.1X."
Configuration task list
Task Remarks
Enabling port security Required.
Setting port security's limit on the number of MAC addresses on a port Optional.
Setting the port security mode Required.
Configuring port security features:
• Configuring NTK
• Configuring intrusion protection
• Enabling port security traps
Optional.
Configure one or more
features as required.
Configuring secure MAC addresses Optional.
Ignoring authorization information from the server Optional.