Manualshelf

R3303-HP HSR6800 Routers Security Configuration Guide

ManualsBrandsHP ManualsNetwork HardwareHP HSR68xx Configure-to-Order Router Solution
181182183184185186187188189190
168
Performing MAC authentication
macAddressWithRadius: A port in this mode performs MAC authentication and services multiple users.
Performing a combination of MAC authentication and 802.1X authentication
macAddressOrUserLoginSecure
This mode is the combination of the macAddressWithRadius and userLoginSecure modes. The port
performs MAC authentication 30 seconds after receiving non-802.1X frames and performs
802.1X authentication upon receiving 802.1X frames.
macAddressOrUserLoginSecureExt
This mode is similar to the macAddressOrUserLoginSecure mode except that this mode supports
multiple 802.1X and MAC authentication users.
macAddressElseUserLoginSecure
This mode is the combination of the macAddressWithRadius and userLoginSecure modes, with
MAC authentication having a higher priority as the Else keyword implies. The port performs MAC
authentication 30 seconds after receiving non-802.1X frames.
macAddressElseUserLoginSecureExt
This mode is similar to the macAddressElseUserLoginSecure mode except that this mode supports
multiple 802.1X and MAC authentication users as the keyword Ext implies.
NOTE:
A
n OUI, as defined by the IEEE, is the first 24 bits of the MAC address, which uniquely identifies a device
v
endor.
Working with guest VLAN and Auth-Fail VLAN
An 802.1X guest VLAN is the VLAN that a user is in before initiating authentication.
An 802.1X Auth-Fail VLAN is the VLAN that a user is in after failing authentication.
For more information about 802.1X guest VLAN and Auth-Fail VLAN, see "Configuring 802.1X."
Configuration task list
Task Remarks
Enabling port security Required.
Setting port security's limit on the number of MAC addresses on a port Optional.
Setting the port security mode Required.
Configuring port security features:
Configuring NTK
Configuring intrusion protection
Enabling port security traps
Optional.
Configure one or more
features as required.
Configuring secure MAC addresses Optional.
Ignoring authorization information from the server Optional.