Port Security Configuration Task List; Enabling Port Security - H3C S5600 SERIES Operation Manual

Security mode
macAddressElseUs
erLoginSecureExt
macAddressAndUs
erLoginSecure
macAddressAndUs
erLoginSecureExt
When the port operates in the userlogin-withoui mode, Intrusion Protection will not be triggered
even if the OUI address does not match.
On a port operating in either the macAddressElseUserLoginSecure mode or the
macAddressElseUserLoginSecureExt mode, Intrusion Protection is triggered only after both
MAC-based authentication and 802.1x authentication on the same packet fail.

Port Security Configuration Task List

Complete the following tasks to configure port security:

Enabling Port Security

Setting the Maximum Number of MAC Addresses Allowed on a Port
Setting the Port Security Mode
Configuring Port
Security
Features
Ignoring the Authorization Information from the RADIUS Server
Configuring Security MAC Addresses
Enabling Port Security
Configuration Prerequisites
Before enabling port security, you need to disable 802.1x and MAC authentication globally.
Description
This mode is similar to the
macAddressElseUserLoginSecure mode,
except that there can be more than one
802.1x-authenticated user on the port.
In this mode, a port firstly performs MAC
authentication for a user and then performs
802.1x authentication for the user if the user
passes MAC authentication. The user can
access the network after passing the two
authentications.
In this mode, up to one user can access the
network.
This mode is similar to the
macAddressAndUserLoginSecure mode,
except that more than one user can access the
network.
Task
Configuring the NTK feature
Configuring intrusion protection
Configuring the Trap feature
1-4
Feature
Remarks
Required
Optional
Required
Optional
Choose one or
more features as
required.
Optional
Optional