HPE FlexNetwork HSR6800 Security Command Reference page 199
Hide thumbs
Also See for FlexNetwork HSR6800:
- Configuration manual (503 pages) ,
- Command reference manual (153 pages) ,
- Product end-of-life disassembly instructions (2 pages)
Table of Contents
Advertisement
Keyword
mac-else-userlogin-s
ecure
mac-else-userlogin-s
ecure-ext
secure
userlogin
userlogin-secure
userlogin-secure-ext
userlogin-secure-or-
mac
userlogin-secure-or-
mac-ext
userlogin-withoui
Usage guidelines
To change the security mode of a port security enabled port, you must set the port in noRestrictions
mode first. When the port has online users, you cannot change port security mode.
IMPORTANT:
If you are configuring the autoLearn mode, first set port security's limit on the number of MAC
addresses by using the port-security max-mac-count command. You cannot change the setting
when the port is operating in autoLearn mode.
Security mode
Description
This mode is the combination of the
macAddressWithRadius and userLoginSecure modes,
with MAC authentication having a higher priority.
•
macAddressElseUse
rLoginSecure
•
Similar to the macAddressElseUserLoginSecure mode
macAddressElseUse
except that a port in this mode supports multiple 802.1X
rLoginSecureExt
and MAC authentication users.
In this mode, MAC address learning is disabled on the
port and you can configure MAC addresses by using the
mac-address static and mac-address dynamic
commands.
secure
The port permits only frames sourced from secure MAC
addresses and MAC addresses you manually configured
by using the mac-address static and mac-address
dynamic commands.
In this mode, a port performs 802.1X authentication and
implements port-based access control.
userLogin
If one 802.1X user passes authentication, all the other
802.1X users of the port can access the network without
authentication.
In this mode, a port performs 802.1X authentication and
userLoginSecure
implements MAC-based access control. It services only
one user passing 802.1X authentication.
Similar to the userLoginSecure mode except that this
userLoginSecureExt
mode supports multiple online 802.1X users.
This mode is the combination of the userLoginSecure
and macAddressWithRadius modes. The port performs
macAddressOrUserL
MAC authentication upon 30 seconds after receiving
oginSecure
non-802.1X frames and performs 802.1X authentication
upon receiving 802.1X frames.
Similar to the macAddressOrUserLoginSecure mode
macAddressOrUserL
except that a port in this mode supports multiple 802.1X
oginSecureExt
and MAC authentication users.
Similar to the userLoginSecure mode. In addition, a port
in this mode also permits frames from a user whose MAC
address contains a specific OUI (organizationally unique
userLoginWithOUI
identifier). The port performs 802.1X authentication upon
receiving 802.1X frames, and performs OUI check upon
receiving non-802.1X frames.
186
A port in this mode performs MAC authentication 30
seconds after receiving a non-802.1X frame.
Upon receiving an 802.1X frame, the port performs
MAC authentication and then, if MAC authentication
fails, 802.1X authentication.
Advertisement
Table of Contents
