HP 6125G HP Networking guide to hardening Comware-based devices - Page 28
The following table describes the port security modes., addresses the port can learn to 10
View all HP 6125G manuals
Add to My Manuals
Save this manual to your list of manuals |
Page 28 highlights
The following table describes the port security modes. Port security mode noRestrictions autoLearn secure userLogin userLoginSecure userLoginWithOUI macAddressWithRadius macAddressOrUserLoginSecure macAddressElseUserLoginSecure userLoginSecureExt macAddressOrUserLoginSecureExt macAddressElseUserLoginSecureExt Description In this mode, port security is disabled on the port and access to the port is not restricted. The port in this mode adds learned and configured secure MAC address entries into the secure MAC address table. When the maximum number of secure MAC addresses is reached, the port changes to secure mode. In this mode, the port does not learn new MAC addresses, and permits only packets whose source MAC address matches a secure MAC address entry to pass. A port in this mode performs 802.1X authentication and implements port-based access control. The port can service multiple 802.1X users. If one 802.1X user passes authentication, all the other 802.1X users of the port can access the network without authentication. A port in this mode performs 802.1X authentication and implements MAC-based access control. The port services only one user passing 802.1X authentication. This mode is similar to the userLoginSecure mode. The difference is that a port in this mode also permits frames from a MAC address that contains a specified organizationally unique identifier (OUI). A port in this mode performs MAC address authentication on users. This mode is the combination of the macAddressWithRadius and userLoginSecure modes. For wired users, the port performs MAC authentication upon receiving non-802.1X frames and performs 802.1X authentication upon receiving 802.1X frames. This mode is the combination of the macAddressWithRadius and userLoginSecure modes. For non-802.1X frames, a port in this mode performs only MAC authentication. For 802.1X frames, it performs MAC authentication and then, if the MAC authentication fails, 802.1X authentication. A port in this mode performs MAC-based 802.1X authentication and allows multiple 802.1X users to have access. This mode is similar to the macAddressOrUserLoginSecure mode, except that a port in this mode allows multiple 802.1X and MAC users to have access. This mode is similar to the macAddressElseUserLoginSecure mode, except that a port in this mode allows multiple 802.1X and MAC users to have access. The following configuration example enables MAC address learning on a port and sets the maximum number of MAC addresses the port can learn to 10: # [HP]port-security enable Please wait Done. [HP-Ethernet0/4/1]port-security max-mac-count 10 [HP-Ethernet0/4/1]port-security port-mode autolearn [HP-Ethernet0/4/1]di th # interface Ethernet0/4/1 port link-mode bridge port-security max-mac-count 10 port-security port-mode autolearn # 28