HP 5920 Command Reference Manual page 143
Hide thumbs
Also See for 5920:
- Command reference manual (607 pages) ,
- Configuration manual (424 pages) ,
- Fc and fcoe configuration manual (257 pages)
Table of Contents
Advertisement
Keyword
userlogin-secure
userlogin-secure-ext
userlogin-secure-or-mac
userlogin-secure-or-mac
-ext
userlogin-withoui
Usage guidelines
To change the security mode of a port security enabled port, you must set the port in noRestrictions mode
first. When the port has online users, you cannot change port security mode.
IMPORTANT:
If you are configuring the autoLearn mode, first set port security's limit on the number of secure MAC
addresses by using the port-security max-mac-count command. You cannot change the setting when the
port is operating in autoLearn mode.
When port security is enabled, you cannot enable 802.1X or MAC authentication, or change the access
control mode or port authorization state. The port security automatically modifies these settings in
different security modes.
Examples
# Enable port security and configure port Ten-GigabitEthernet 1/0/1 to operate in secure mode.
<Sysname> system-view
[Sysname] port-security enable
[Sysname] interface ten-gigabitethernet 1/0/1
[Sysname-Ten-GigabitEthernet1/0/1] port-security port-mode secure
# Change the port security mode of port Ten-GigabitEthernet 1/0/1 to userLogin.
[Sysname-Ten-GigabitEthernet1/0/1] undo port-security port-mode
[Sysname-Ten-GigabitEthernet1/0/1] port-security port-mode userlogin
Security mode
userLoginSecure
userLoginSecureExt
macAddressOrUserL
oginSecure
macAddressOrUserL
oginSecureExt
userLoginWithOUI
131
Description
In this mode, a port performs 802.1X authentication and
implements MAC-based access control. It services only
one user passing 802.1X authentication.
Same as the userLoginSecure mode, except that this mode
supports multiple online 802.1X users.
This mode is the combination of the userLoginSecure and
macAddressWithRadius modes. It allows one 802.1X
authentication user and multiple MAC authentication users
to log in.
•
For wired users, the port performs MAC authentication
upon receiving non-802.1X frames and performs
802.1X authentication upon receiving 802.1X frames.
Same as the macAddressOrUserLoginSecure mode,
except that a port in this mode supports multiple 802.1X
and MAC authentication users.
Similar to the userLoginSecure mode. In addition, a port in
this mode also permits frames from a user whose MAC
address contains a specific OUI.
•
For wired users, the port performs 802.1X
authentication upon receiving 802.1X frames, and
performs an OUI check upon receiving non-802.1X
frames.
Advertisement
Table of Contents
