Working With Guest Vlan And Auth-Fail Vlan; Port Security Configuration Task List - HP 3600 v2 Series Security Configuration Manual
Hide thumbs
Also See for 3600 v2 Series:
- Command reference manual (510 pages) ,
- Configuration manual (449 pages) ,
- Installation manual (62 pages)
Table of Contents
Advertisement
This mode is the combination of the macAddressWithRadius and userLoginSecure modes, with MAC
authentication having a higher priority as the Else keyword implies.
For non-802.1X frames, a port in this mode performs only MAC authentication. For 802.1X frames, it
performs MAC authentication and then, if the authentication fails, 802.1X authentication.
macAddressElseUserLoginSecureExt
4.
This mode is similar to the macAddressElseUserLoginSecure mode except that a port in this mode
supports multiple 802.1X and MAC authentication users as the keyword Ext implies.
NOTE:
The maximum number of users a port supports equals the maximum number of MAC addresses that
•
port security allows or the maximum number of concurrent users the authentication mode in use allows,
whichever is smaller. For example, if 802.1X allows less concurrent users than port security's limit on the
number of MAC addresses on the port in userLoginSecureExt mode, port security's limit takes effect.
An OUI, as defined by the IEEE, is the first 24 bits of the MAC address, which uniquely identifies a device
•
vendor.
Working with guest VLAN and Auth-Fail VLAN
An 802.1X guest VLAN is the VLAN that a user is in before initiating authentication. An 802.1X Auth-Fail
VLAN or a MAC authentication guest VLAN is the VLAN that a user is in after failing authentication.
Support for the guest VLAN and Auth-Fail VLAN features varies with security modes.
You can use the 802.1X guest VLAN and 802.1X Auth-Fail VLAN features together with port security
•
modes that support 802.1X authentication. For more information about the 802.1X guest VLAN and
Auth-Fail VLAN on a port that performs MAC-based access control, see the chapter "802.1X
configuration."
•
You can use the MAC authentication VLAN feature together with security modes that support MAC
authentication. For more information about the MAC authentication guest VLAN, see the chapter
"MAC authentication configuration."
If you configure both an 802.1X Auth-Fail VLAN and a MAC authentication guest VLAN on a port
•
that performs MAC-based access control, the 802.1X Auth-Fail VLAN has a higher priority.
Port security configuration task list
Complete the following tasks to configure port security:
Task
Enabling port security
Setting port security's limit on the number of MAC addresses on a port
Setting the port security mode
Configuring port security
features
Configuring secure MAC addresses
Ignoring authorization information from the server
Configuring NTK
Configuring intrusion protection
Enabling port security traps
203
Remarks
Required
Optional
Required
Optional
Configure one or more features
as required.
Optional
Optional
Hide quick links:
Advertisement
Table of Contents
Troubleshooting
