R2511-HP MSR Router Series Security Configuration Guide(V5)

| Step | Command | Remarks |
|---|---|---|
| 6. Enable the dynamic secure MAC function. | port-security mac-address dynamic | Optional. By default, sticky MAC addresses can be saved to the configuration file, and once saved, can survive a device reboot. |

Configuring port security for WLAN ports
Table 11 describes the key negotiation and PSK requirements for different port security modes on WLAN
ports.
Table 11 Port security configuration for WLAN ports

| Port security mode | Description |
|---|---|
| presharedKey, userLoginSecureExt, userLoginSecureExtOrPresharedKey, and macAddressAndPresharedKey | On WPA or RSN networks using any of these modes, key negotiation must be enabled. In presharedKey and macAddressAndPresharedKey modes, you need to configure the PSK. In userLoginSecureExt mode, you do not need to configure the PSK. In userLoginSecureExtOrPresharedKey mode, you can decide whether to configure a PSK. |
| Port security modes other than presharedKey, userLoginSecureExtOrPresharedKey, and macAddressAndPresharedKey | No key negotiation is performed and you do not need to enable key negotiation. |

For more information about WLAN service templates, see WLAN Configuration Guide.
By default, an 802.1X-enabled access device periodically multicasts Identity EAP-Request packets out of
ports to detect 802.1X clients and trigger authentication. To save the bandwidth of WLAN ports, HP
recommends that you disable the multicast trigger function (see "Configuring 802.1X").
Setting the port security mode of a WLAN port
| Step | Command | Remarks |
|---|---|---|
| 1. Enter system view. | system-view | N/A |
| 2. Enter interface view. | interface interface-type interface-number | N/A |
| 3. Set a port security mode for the WLAN port. | port-security port-mode { mac-and-psk \| mac-authentication \| mac-else-userlogin-secure \| mac-else-userlogin-secure-ext \| psk \| userlogin-secure \| userlogin-secure-ext \| userlogin-secure-ext-or-psk \| userlogin-secure-or-mac \| userlogin-secure-or-mac-ext } | By default, a port operates in noRestrictions mode. |
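
The Table 11 requirements can be checked against a saved configuration. The following Python check is an added example, not part of the HP guide. It assumes the ports serve WPA or RSN networks, that key negotiation appears as `port-security tx-key-type 11key` and the PSK as `port-security preshared-key` (Comware V5 commands not shown on this page), that "#" separates configuration sections, and that the Table 11 mode names map to the CLI keywords used below; the sample configuration is constructed.

```python
import re

# Table 11 modes as CLI keywords (the name-to-keyword mapping is an assumption).
KEY_NEG_MODES = {"psk", "mac-and-psk", "userlogin-secure-ext",
                 "userlogin-secure-ext-or-psk"}
PSK_MODES = {"psk", "mac-and-psk"}             # modes where the PSK is mandatory
KEY_NEG = "port-security tx-key-type 11key"    # assumed key negotiation command
PSK_CMD = "port-security preshared-key "       # assumed PSK command prefix

def audit(config):
    """Return {interface: [findings]} for ports in a Table 11 key-negotiation mode."""
    bodies, iface = {}, None
    for raw in config.splitlines():
        line = raw.strip()
        m = re.match(r"interface (\S+)$", line)
        if m:
            iface = m.group(1)
            bodies[iface] = []
        elif line == "#":                      # "#" ends the current section
            iface = None
        elif iface:
            bodies[iface].append(line)
    findings = {}
    for iface, body in bodies.items():
        mode = next((l.split()[-1] for l in body
                     if l.startswith("port-security port-mode ")), None)
        if mode in KEY_NEG_MODES:              # other modes need no key negotiation
            issues = []
            if KEY_NEG not in body:
                issues.append("key negotiation not enabled")
            if mode in PSK_MODES and not any(l.startswith(PSK_CMD) for l in body):
                issues.append("PSK missing")
            findings[iface] = issues
    return findings

# Constructed sample configuration (interface names and key are placeholders).
SAMPLE = """interface WLAN-BSS1
 port-security port-mode psk
 port-security tx-key-type 11key
 port-security preshared-key pass-phrase cipher PLACEHOLDER
#
interface WLAN-BSS2
 port-security port-mode mac-and-psk
#
interface WLAN-BSS3
 port-security port-mode mac-authentication
"""
print(audit(SAMPLE))
```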