HP 3600 v2 Series Configuration Manual page 212

TIP:
•
userLogin specifies 802.1X authentication and port-based access control.
•
macAddress specifies MAC authentication.
•
Else specifies that the authentication method before Else is applied first. If the authentication fails, whether to turn
to the authentication method following Else depends on the protocol type of the authentication request.
•
Typically, in a security mode with Or, the authentication method to be used depends on the protocol type of the
authentication request.
•
userLogin with Secure specifies 802.1X authentication and MAC-based access control.
•
Ext indicates allowing multiple 802.1X users to be authenticated and serviced at the same time. A security mode
without Ext allows only one user to pass 802.1X authentication.
Controlling MAC address learning
autoLearn
•
A port in this mode can learn MAC addresses, and allows frames from learned or configured
MAC addresses to pass. The automatically learned MAC addresses are secure MAC addresses.
You can also configure secure MAC addresses by using the port-security mac-address security
command. A secure MAC address never ages out by default.
When the number of secure MAC addresses reaches the upper limit, the port transitions to secure
mode.
The dynamic MAC address learning function in MAC address management is disabled on ports
operating in autoLearn mode, but you can configure MAC addresses by using the mac-address
dynamic and mac-address static commands.
• secure
MAC address learning is disabled on a port in secure mode. You configure MAC addresses by
using the mac-address static and mac-address dynamic commands. For more information about
configuring MAC address table entries, see Layer 2—LAN Switching Configuration Guide.
A port in secure mode allows only frames sourced from secure MAC addresses and manually
configured MAC addresses to pass.
Performing 802.1X authentication
userLogin
•
A port in this mode performs 802.1X authentication and implements port-based access control.
The port can service multiple 802.1X users. If one 802.1X user passes authentication, all the other
802.1X users of the port can access the network without authentication.
userLoginSecure
•
A port in this mode performs 802.1X authentication and implements MAC-based access control.
The port services only one user passing 802.1X authentication.
userLoginSecureExt
•
This mode is similar to the userLoginSecure mode except that this mode supports multiple online
802.1X users.
• userLoginWithOUI
This mode is similar to the userLoginSecure mode. The difference is that a port in this mode also
permits frames from one user whose MAC address contains a specific organizationally unique
identifier (OUI).
For wired users, the port performs 802.1X authentication upon receiving 802.1X frames, and
performs OUI check upon receiving non-802.1X frames.
199