R2511-HP MSR Router Series Security Command Reference(V5)

ManualsBrandsHP ManualsNetwork HardwareHP MSR1003-8 AC Router

181

182

183

184

185

186

187

188

189

190

173

word Securit

mode

Descri

tion

userlogin-secure-or-mac

-ext

macAddressOrUserL

oginSecureExt

Similar to the macAddressOrUserLoginSecure mode

except that a port in this mode supports multiple 802.1X

and MAC authentication users.

userlogin-withoui userLoginWithOUI

Similar to the userLoginSecure mode. In addition, a port in

this mode also permits frames from a user whose MAC

address contains a specific OUI (organizationally unique

identifier).

• For wired users, the port performs 802.1X

authentication upon receiving 802.1X frames, and

performs OUI check upon receiving non-802.1X

frames.

• For wireless users, the port performs OUI check at first.

If the OUI check fails, the port performs 802.1X

authentication.

Usage guidelines

To change the security mode of a port security enabled port, you must set the port in noRestrictions mode

first. When the port has online users, you cannot change port security mode.

IMPORTANT:

If you are configuring the autoLearn mode, first set port security's limit on the number of MAC addresses

by using the port-security max-mac-count command. You cannot change the setting when the port is

operating in autoLearn mode.

When port security is enabled, you cannot manually enable 802.1X or MAC authentication, or change

the access control mode or port authorization state. The port security automatically modifies these

settings in different security modes.

The support of ports for security modes varies:

• The presharedKey, macAddressAndPresharedKey, and userLoginSecureExtOrPresharedKey modes

apply to only WLAN-BSS and WLAN-Ethernet ports.

• The autoLearn, secure, userLogin, and userloginWithOUI modes apply to only Layer 2 Ethernet

ports.

Table 16 Port security modes supported by different types of ports

Port t

e Su

orted securit

modes

Layer 2

Ethernet port

autolearn, mac-authentication, mac-else-userlogin-secure, mac-else-userlogin-secure-ext,

secure, userlogin, userlogin-secure, userlogin-secure-ext, userlogin-secure-or-mac,

userlogin-secure-or-mac-ext, userlogin-withoui

WLAN-BSS

port

mac-and-psk, mac-authentication, mac-else-userlogin-secure, mac-else-userlogin-secure-ext,

psk, userlogin-secure, userlogin-secure-ext, userlogin-secure-ext-or-psk,

userlogin-secure-or-mac, userlogin-secure-or-mac-ext

WLAN-Etherne

t port

mac-and-psk, mac-authentication, mac-else-userlogin-secure, mac-else-userlogin-secure-ext,

psk, userlogin-secure, userlogin-secure-ext, userlogin-secure-ext-or-psk,

userlogin-secure-or-mac, userlogin-secure-or-mac-ext

The following matrix shows the autoLearn, secure and userLogin modes on Layer 2 Ethernet ports and

router compatibility: