macAddressOrUserLoginSecureExt
•
This mode is similar to the macAddressOrUserLoginSecure mode except that this mode supports
multiple 802.1X and MAC authentication users.
macAddressElseUserLoginSecure
•
This mode is the combination of the macAddressWithRadius and userLoginSecure modes, with
MAC authentication having a higher priority as the Else keyword implies.
For wired users, the port performs MAC authentication upon receiving non-802.1X frames. Upon
receiving 802.1X frames, the port performs MAC authentication, and if the MAC authentication
fails, it performs 802.1X authentication.
macAddressElseUserLoginSecureExt
•
This mode is similar to the macAddressElseUserLoginSecure mode except that this mode supports
multiple 802.1X and MAC authentication users as the keyword Ext implies.
NOTE:
An OUI, as defined by the IEEE, is the first 24 bits of the MAC address, which uniquely identifies a device
vendor.
Working with guest VLAN and Auth-Fail VLAN
An 802.1X guest VLAN is the VLAN that a user is in before initiating authentication. An 802.1X Auth-Fail
VLAN or a MAC authentication guest VLAN is the VLAN that a user is in after failing authentication.
Support for the guest VLAN and Auth-Fail VLAN features varies with security modes.
You can use the 802.1X guest VLAN and 802.1X Auth-Fail VLAN features together with port security
•
modes that support 802.1X authentication. For more information about the 802.1X guest VLAN and
Auth-Fail VLAN on a port that performs MAC-based access control, see
You can use the MAC authentication VLAN feature together with security modes that support MAC
•
authentication. For more information about the MAC authentication guest VLAN, see
MAC
authentication."
•
If you configure both an 802.1X Auth-Fail VLAN and a MAC authentication guest VLAN on a port
that performs MAC-based access control, the 802.1X Auth-Fail VLAN has a higher priority.
Configuration task list
Task
Enabling port security
Setting port security's limit on the number of MAC addresses on a port
Setting the port security mode
Configuring port security
•
Configuring NTK
•
Configuring intrusion protection
•
Enabling port security traps
Configuring secure MAC addresses
Ignoring authorization information from the server
features:
169
"Configuring
802.1X."
"Configuring
Remarks
Required.
Optional.
Required.
Optional.
Configure one or more
features as required.
Optional.
Optional.