HP 6125XLG R2306-HP 6125XLG Blade Switch Security Command Reference - Page 130
Default, Views, Predefined user roles, Parameters, Keyword, Security mode, Description
View all HP 6125XLG manuals
Add to My Manuals
Save this manual to your list of manuals |
Page 130 highlights
Default A port operates in noRestriction mode, where port security does not take effect. Views Interface view Predefined user roles network-admin Parameters Keyword autolearn mac-authentication mac-else-userlogin-secu re mac-else-userlogin-secu re-ext secure Security mode autoLearn macAddressWithRad ius macAddressElseUserL oginSecure macAddressElseUserL oginSecureExt secure Description A port in this mode can learn MAC addresses. The automatically learned MAC addresses are not added to the MAC address table as dynamic MAC address but to the secure MAC address table as secure MAC addresses. You can also configure secure MAC addresses by using the port-security mac-address security command. A port in autoLearn mode allows frames sourced from secure MAC addresses and MAC addresses configured by using the mac-address dynamic and mac-address static commands to pass. When the number of secure MAC addresses reaches the upper limit set by the port-security max-mac-count command, the port changes to secure mode. In this mode, a port performs MAC authentication for users and services multiple users. This mode is the combination of the macAddressWithRadius and userLoginSecure modes, with MAC authentication having a higher priority. It allows one 802.1X authentication user and multiple MAC authentication users to log in. • Upon receiving a non-802.1X frame, a port in this mode performs only MAC authentication. • Upon receiving an 802.1X frame, the port performs MAC authentication and then, if MAC authentication fails, 802.1X authentication. Same as the macAddressElseUserLoginSecure mode except that a port in this mode supports multiple 802.1X and MAC authentication users. In this mode, MAC address learning is disabled on the port and you can configure MAC addresses by using the mac-address static and mac-address dynamic commands. The port permits only frames sourced from secure MAC addresses and MAC addresses you manually configured by using the mac-address static and mac-address dynamic commands. 121