3Com Switch 7750 Configuration Guide Guide

ManualsBrandsHP ManualsComputer AccessoriesHP ProCurve 8116fl Redundant Switch Fabric Module

191

192

193

194

195

196

197

198

199

200

192 CHAPTER 24: PORT SECURITY CONFIGURATION

Tabl e 122 Description of port security modes

Security mode Description Feature

secure

In this mode, the port is disabled from learning MAC

addresses.

Only those packets whose source MAC addresses are

static MAC addresses configured can pass through

the port.

In the secure mode,

the device will trigger

NTK and intrusion

protection upon

detecting an illegal

packet.

userlogin

In this mode, port-based 802.1x authentication is

performed for access users.

In this mode, neither

NTK nor intrusion

protection will be

triggered.

userlogin-sec

ure

The port is enabled only after an access user passes

the 802.1x authentication. When the port is enabled,

only the packets of the successfully authenticated

user can pass through the port.

In this mode, only one 802.1x-authenticated user is

allowed to access the port.

When the port changes from the normal mode to

this security mode, the system automatically removes

the existing dynamic MAC address entries and

authenticated MAC address entries on the port.

In any of these modes,

the device will trigger

NTK and intrusion

protection upon

detecting an illegal

packet.

userlogin-wit

houi

This mode is similar to the userlogin-secure mode,

except that, besides the packets of the single

802.1x-authenticated user, the packets whose source

MAC addresses have a particular OUI are also

allowed to pass through the port.

When the port changes from the normal mode to

this security mode, the system automatically removes

the existing dynamic/authenticated MAC address

entries on the port.

mac-authentic

ation

In this mode, MAC address-based authentication is

performed for access users.

userlogin-sec

ure-or-mac

In this mode, the two kinds of authentication in

mac-authentication and userlogin-secure modes

can be performed simultaneously. If both kinds of

authentication succeed, the userlogin-secure mode

takes precedence over the mac-authentication

mode.

userlogin-sec

ure-else-mac

In this mode, first the MAC-based authentication is

performed. If this authentication succeeds, the

mac-authentication mode is adopted, or else, the

authentication in userlogin-secure mode is

performed.

userlogin-sec

ure-ext

This mode is similar to the userlogin-secure mode,

except that there can be more than one

802.1x-authenticated user on the port.

userlogin-sec

ure-or-mac-ex

This mode is similar to the userlogin-secure-or-mac

mode, except that there can be more than one

802.1x-authenticated user on the port.

userlogin-sec

ure-else-mac-

ext

This mode is similar to the

mac-else-userlogin-secure mode, except that there

can be more than one 802.1x-authenticated user on

the port.