On the port, if you want to...
These security mode naming rules may help you remember the modes:
userLogin specifies 802.1X authentication and port-based access control.
macAddress specifies MAC address authentication.
Else specifies that the authentication method before Else is applied first. If the authentication fails, whether
to turn to the authentication method following Else depends on the protocol type of the authentication
In a security mode with Or, which authentication method is to be used depends on the protocol type of the
authentication request. However, 802.1X authentication is preferred by wireless users.
userLogin with Secure specifies 802.1X authentication and MAC-based access control.
Ext indicates allowing multiple 802.1X users to be authenticated and serviced at the same time. A security
mode without Ext allows only one user to pass 802.1X authentication.
Control MAC address learning
A port in autoLearn or secure mode allows only frames sourced from the MAC addresses that are in the
MAC address table to pass.
A port in this mode can learn MAC addresses. These dynamically learned MAC addresses are secure
MAC addresses. You can also configure secure MAC addresses by using the port-security
mac-address security command. A secure MAC addresses never ages out by default. When the
number of secure MAC addresses reaches the upper limit, the port turns to secure mode. In addition,
you can configure MAC addresses manually by using the mac-address dynamic and mac-address
static commands for a port in autoLearn mode.
In autoLearn mode, dynamic MAC address learning function on the port in MAC address management
In this mode, MAC address learning is disabled on the port and you can configure MAC addresses by
using the mac-address static and mac-address dynamic commands.
Perform 802.1X authentication
A port in this mode performs 802.1X authentication and implements port-based access control. The port
can service multiple 802.1X users. If one 802.1X user passes authentication, all the other 802.1X users
of the port can access the network without authentication.
A port in this mode performs 802.1X authentication and implements MAC-based access control. The
port services only one user passing 802.1X authentication.
This mode is similar to the userLoginSecure mode except that this mode supports multiple online
This mode is similar to the userLoginSecure mode. In addition, a
whose MAC address contains a specified OUI (organizationally unique identifier).
For wired users, the port performs 802.1X authentication upon receiving 802.1X frames, and performs OUI
check upon receiving non-802.1X frames.
Use the security mode...
port in this mode also permits frames from