124
C
12: P
HAPTER
ORT
Port Security
Configuration
S
C
ECURITY
ONFIGURATION
Table 77 Description of port security modes
Security mode
macAddressElseUserLo
ginSecure
macAddressElseUserLo
ginSecureExt
macAddressAndUserLo
ginSecure
macAddressAndUserLo
ginSecureExt
n
When the port operates in the userlogin-withoui mode, Intrusion Protection
■
will not be triggered even if the OUI address does not match.
In the macAddressElseUserLoginSecure or
■
macAddressElseUserLoginSecureExt security mode, the MAC address of a
user failing MAC authentication is set as a quiet MAC address. If the user
initiates 802.1x authentication during the quiet period, the switch does not
authenticate the user.
Table 78 Port security configuration tasks
"Enabling Port Security"
"Setting the Maximum Number of MAC Addresses
Allowed on a Port"
"Setting the Port Security Mode"
"Configuring
Port Security
Features"
"Ignoring the Authorization Information from the
RADIUS Server"
Description
MAC authentication is performed
first on the access user. If the
MAC authentication succeeds,
the access user has the
accessibility; otherwise, 802.1x
authentication is performed on
the access user.
In this mode, there can be only
one authenticated user on the
port.
This mode is similar to the
macAddressElseUserLoginSecu
re mode, except that there can be
more than one authenticated user
on the port.
To perform 802.1x authentication
on the access user, MAC
authentication must be
performed first. 802.1x
authentication can be performed
on the access user only if MAC
authentication succeeds.
In this mode there can be only
one authenticated user on the
port.
This mode is similar to the
macAddressAndUserLoginSec
ure mode, except that there can
be more than one authenticated
user on the port.
Task
"Configuring the NTK feature"
"Configuring intrusion protection"
"Configuring the Trap feature"
Feature
Remarks
Required
Optional
Required
Optional
Choose one or more features as
required.
Optional