H3C Technologies H3C S12500-X Series Switches User Manual

90

•

Authentication—Security modes in this category implement MAC authentication, 802.1X

authentication, or a combination of these two authentication methods.

Upon receiving a frame, the port in a security mode searches the MAC address table for the source MAC

address. If a match is found, the port forwards the frame. If no match is found, the port learns the MAC

address or performs authentication, depending on the security mode. If the frame is illegal, the port takes

the predefined NTK or intrusion protection action. By default, outgoing frames of a port are not restricted
by port security. Only when they trigger the NTK feature, are they restricted by the predefined NTK

action.
The maximum number of users a port supports equals the maximum number of secure MAC addresses

that port security allows or the maximum number of concurrent users the authentication mode in use
allows, whichever is smaller. For example, if 802.1X allows more concurrent users than port security's

limit on the number of MAC addresses on the port in userLoginSecureExt mode, port security's limit takes

effect.

793H

Table 5

describes the port security modes and the security features.

Table 5 Port security modes

Purpose Security

mode

Features that can be

triggered

Turning off the port security
feature

noRestrictions (the default mode)
In this mode, port security is disabled on the port
and access to the port is not restricted.

N/A

794H

Controlling MAC address
learning

autoLearn

NTK/intrusion
protection

secure

795H

Performing 802.1X
authentication

userLogin N/A

userLoginSecure

NTK/intrusion
protection

userLoginSecureExt

userLoginWithOUI

796H

Performing MAC authentication

macAddressWithRadius

NTK/intrusion
protection

797H

Performing a combination of
MAC authentication and

802.1X authentication

Or

macAddressOrUserLoginSecure

NTK/intrusion
protection

macAddressOrUserLoginSecureExt

Else

macAddressElseUserLoginSecure

macAddressElseUserLoginSecureExt