Control mac address learning – H3C Technologies H3C S7500E Series Switches User Manual

9-3

Table 9-1 Port security modes

On the port, if you want to…

Use the security mode…

Features that can be

triggered

Turn off the port security feature

noRestrictions (the default mode)

In this mode, port security is disabled on the port

and access to the port is not restricted.

—

autoLearn

Control MAC address learning

secure

NTK/intrusion

protection

userLogin —

userLoginSecure

userLoginSecureExt

Perform 802.1X authentication

userLoginWithOUI

NTK/intrusion

protection

Perform MAC authentication

macAddressWithRadius

NTK/intrusion

protection

macAddressOrUserLoginSecure

Or

macAddressOrUserLoginSecureExt

macAddressElseUserLoginSecure

Perform a combination of MAC

authentication and 802.1X

authentication

Else

macAddressElseUserLoginSecureExt

NTK/intrusion

protection

These security mode naming rules may help you remember the modes:

z

userLogin specifies 802.1X authentication and port-based access control.

z

macAddress specifies MAC address authentication.

z

Else specifies that the authentication method before Else is applied first. If the authentication fails, whether

to turn to the authentication method following Else depends on the protocol type of the authentication

request.

z

In a security mode with Or, which authentication method is to be used depends on the protocol type of the

authentication request.

z

userLogin with Secure specifies 802.1X authentication and MAC-based access control.

z

Ext indicates allowing multiple 802.1X users to be authenticated and serviced at the same time. A security

mode without Ext allows only one user to pass 802.1X authentication.

Control MAC address learning

1) autoLearn