HPE FlexNetwork 7500 Series Security Configuration Manual page 255

# Use MAC-based accounts for MAC authentication. Each MAC address must be in the
hexadecimal notation with hyphens, and letters are in upper case.
[Device] mac-authentication user-name-format mac-address with-hyphen uppercase
# Specify the MAC authentication domain.
[Device] mac-authentication domain sun
# Set the 802.1X authentication method to CHAP. By default, the authentication method for
802.1X is CHAP.
[Device] dot1x authentication-method chap
# Set port security's limit on the number of MAC addresses to 64 on the port.
[Device] interface gigabitethernet 1/0/1
[Device-GigabitEthernet1/0/1] port-security max-mac-count 64
# Set the port security mode to macAddressElseUserLoginSecure.
[Device-GigabitEthernet1/0/1] port-security port-mode mac-else-userlogin-secure
# Specify ISP domain sun as the mandatory authentication domain for 802.1X users.
[Device-GigabitEthernet1/0/1] dot1x mandatory-domain sun
# Set the NTK mode of the port to ntkonly.
[Device-GigabitEthernet1/0/1] port-security ntk-mode ntkonly
[Device-GigabitEthernet1/0/1] quit
Verifying the configuration
# Verify the port security configuration.
[Device] display port-security interface gigabitethernet 1/0/1
Global port security parameters:
Port security
AutoLearn aging time
Disableport timeout
MAC move
Authorization fail
NAS-ID profile
Dot1x-failure trap
Dot1x-logon trap
Dot1x-logoff trap
Intrusion trap
Address-learned trap
Mac-auth-failure trap
Mac-auth-logon trap
Mac-auth-logoff trap
OUI value list
GigabitEthernet1/0/1 is link-up
Port mode
NeedToKnow mode
Intrusion protection mode
Security MAC address attribute
Learning mode
Aging type
Max secure MAC addresses
Current secure MAC addresses
Authorization
: Enabled
: 30 min
: 30 s
: Denied
: Online
: Not configured
: Disabled
: Disabled
: Disabled
: Disabled
: Disabled
: Disabled
: Disabled
: Disabled
: macAddressElseUserLoginSecure
: NeedToKnowOnly
: NoAction
: Sticky
: Periodical
: 64
: 0
: Permitted
241