R0106-HP MSR Router Series Security Configuration Guide(V7)

ManualsBrandsHP ManualsNetwork HardwareHP MSR4060 Router Chassis

171

172

173

174

175

176

177

178

179

180

164

This mode is similar to the userLoginSecure mode. The difference is that a port in this mode also

permits frames from one user whose MAC address contains a specific OUI.

{ For wired users, the port performs 802.1X authentication upon receiving 802.1X frames, and

performs OUI check upon receiving non-802.1X frames.

{ For wireless users, the port performs OUI check at first. If the OUI check fails, the port performs

802.1X authentication.

NOTE:

n OUI is a 24-bit number that uniquely identifies a vendor, manufacturer, or or

anization. In MAC

addresses, the first three octets are the OUI.

Performing MAC authentication

macAddressWithRadius: A port in this mode performs MAC authentication, and services multiple users.

Performing a combination of MAC authentication and 802.1X authentication

• macAddressOrUserLoginSecure.

This mode is the combination of the macAddressWithRadius and userLoginSecure modes. The

mode allows one 802.1X authentication user and multiple MAC authentication users to log in.

{ For wired users, the port performs MAC authentication upon receiving non-802.1X frames and

performs 802.1X authentication upon receiving 802.1X frames.

{ For wireless users, the port performs 802.1X authentication first. If 802.1X authentication fails,

MAC authentication is performed.

• macAddressOrUserLoginSecureExt.

This mode is similar to the macAddressOrUserLoginSecure mode, except that this mode supports

multiple 802.1X and MAC authentication users.

• macAddressElseUserLoginSecure.

This mode is the combination of the macAddressWithRadius and userLoginSecure modes, with

MAC authentication having a higher priority as the Else keyword implies. The mode allows one

802.1X authentication user and multiple MAC authentication users to log in.

For wireless users, the port performs MAC authentication upon receiving non-802.1X frames.

Upon receiving 802.1X frames, the port performs MAC authentication and then, if the

authentication fails, 802.1X authentication.

• macAddressElseUserLoginSecureExt.

This mode is similar to the macAddressElseUserLoginSecure mode except that this mode supports

multiple 802.1X and MAC authentication users as the keyword Ext implies.

Feature and hardware compatibility

The feature is available only on the following ports:

The ports on the HMIM-24GSW/24GSWP and HMIM-8GSW Layer 2 switching modules installed on

MSR routers.