HP 5120 SI Series Security Configuration Manual page 185
Hide thumbs
Also See for 5120 SI Series:
- Command reference manual (395 pages) ,
- Installation manual (48 pages) ,
- Specification (33 pages)
Table of Contents
Advertisement
On the port, if you want to...
authentication and 802.1X
authentication
TIP:
These security mode naming rules may help you remember the modes:
•
userLogin specifies 802.1X authentication and port-based access control.
•
macAddress specifies MAC address authentication.
•
Else specifies that the authentication method before Else is applied first. If the authentication fails, whether to
turn to the authentication method following Else depends on the protocol type of the authentication request.
•
In a security mode with Or, which authentication method is to be used depends on the protocol type of the
authentication request.
•
userLogin with Secure specifies 802.1X authentication and MAC-based access control.
•
Ext indicates allowing multiple 802.1X users to be authenticated and serviced at the same time. A security
mode without Ext allows only one user to pass 802.1X authentication.
Control MAC address learning
1.
autoLearn
A port in this mode can learn MAC addresses, and allows frames from learned or configured MAC
addresses to pass. The automatically learned MAC addresses are secure MAC addresses. You can also
configure secure MAC addresses by using the port-security mac-address security command. A secure
MAC address never ages out by default.
In addition, you can configure MAC addresses manually by using the mac-address dynamic and
mac-address static commands for a port in autoLearn mode.
When the number of secure MAC addresses reaches the upper limit, the port transitions to secure mode.
On a port operating in autoLearn mode, the dynamic MAC address learning function in MAC address
management is disabled.
2.
secure
MAC address learning is disabled on a port in secure mode. You can configure MAC addresses by using
the mac-address static and mac-address dynamic commands.
A port in secure mode allows only frames sourced from secure MAC addresses and MAC addresses
manually configured to pass.
Perform 802.1X authentication
1.
userLogin
A port in this mode performs 802.1X authentication and implements port-based access control. The port
can service multiple 802.1X users. If one 802.1X user passes authentication, all the other 802.1X users of
the port can access the network without authentication.
2.
userLoginSecure
A port in this mode performs 802.1X authentication and implements MAC-based access control. The port
services only one user passing 802.1X authentication.
3.
userLoginSecureExt
Use the security mode...
macAddressOrUserLoginSecureExt
macAddressElseUserLoginSecure
Else
macAddressElseUserLoginSecureExt
173
Features that can be
triggered
protection
Advertisement
Table of Contents
Troubleshooting
