R0106-HP MSR Router Series Security Command Reference(V7)
201
Predefined user roles
network-admin
Parameters
Ke
y
word Securit
y
mode
Descri
p
tion
autolearn autoLearn
A port in this mode can learn MAC addresses. The
automatically learned MAC addresses are not added to
the MAC address table as dynamic MAC address but to
the secure MAC address table as secure MAC addresses.
You can also configure secure MAC addresses by using
the port-security mac-address security command.
A port in autoLearn mode allows frames sourced from
secure MAC addresses and MAC addresses configured
by using the mac-address dynamic and mac-address static
commands to pass.
When the number of secure MAC addresses reaches the
upper limit set by the port-security max-mac-count
command, the port changes to secure mode.
mac-authentication
macAddressWithRad
ius
In this mode, a port performs MAC authentication for users
and services multiple users.
mac-else-userlogin-secu
re
macAddressElseUserL
oginSecure
This mode is the combination of the
macAddressWithRadius and userLoginSecure modes, with
MAC authentication having a higher priority. In this mode,
the port allows one 802.1X authentication user and
multiple MAC authentication users to log in.
• Upon receiving a non-802.1X frame, a port in this
mode performs only MAC authentication.
• Upon receiving an 802.1X frame, the port performs
MAC authentication and then, if MAC authentication
fails, 802.1X authentication.
mac-else-userlogin-secu
re-ext
macAddressElseUserL
oginSecureExt
Same as the macAddressElseUserLoginSecure mode
except that a port in this mode supports multiple 802.1X
and MAC authentication users.
secure
secure
In this mode, MAC address learning is disabled on the port
and you can configure MAC addresses by using the
mac-address static and mac-address dynamic commands.
The port permits only frames sourced from secure MAC
addresses and MAC addresses you manually configured
by using the mac-address static and mac-address dynamic
commands.
userlogin userLogin
In this mode, a port performs 802.1X authentication and
implements port-based access control.
If one 802.1X user passes authentication, all the other
802.1X users of the port can access the network without
authentication.
userlogin-secure userLoginSecure
In this mode, a port performs 802.1X authentication and
implements MAC-based access control. the port services
only one user passing 802.1X authentication.
userlogin-secure-ext userLoginSecureExt
Same as the userLoginSecure mode, except that this mode
supports multiple online 802.1X users.