Perform 802.1x authentication, Perform mac authentication, Perform a combination of mac – H3C Technologies H3C S7500E Series Switches User Manual

9-4

A port in this mode can learn MAC addresses, and allows frames from learned or configured MAC

addresses to pass. The automatically learned MAC addresses are secure MAC addresses. You can

also configure secure MAC addresses by using the port-security mac-address security command.

A secure MAC address never ages out by default.

In addition, you can configure MAC addresses manually by using the mac-address dynamic and

mac-address static commands for a port in autoLearn mode.

When the number of secure MAC addresses reaches the upper limit, the port transitions to secure

mode.

On a port operating in autoLearn mode, the dynamic MAC address learning function in MAC address

management is disabled.

2) secure

MAC address learning is disabled on a port in secure mode, but you can configure MAC addresses by

using the mac-address static and mac-address dynamic commands.

A port in secure mode allows only frames sourced from secure MAC addresses and MAC addresses

manually configured by using the mac-address dynamic and mac-address static commands to

pass.

Perform 802.1X authentication

1) userLogin

A port in this mode performs 802.1X authentication and implements port-based access control. The

port can service multiple 802.1X users. If one 802.1X user passes authentication, all the other 802.1X

users of the port can access the network without authentication.

2) userLoginSecure

A port in this mode performs 802.1X authentication and implements MAC-based access control. The

port services only one user passing 802.1X authentication.

3) userLoginSecureExt

This mode is similar to the userLoginSecure mode except that this mode supports multiple online

802.1X users.

4) userLoginWithOUI

This mode is similar to the userLoginSecure mode. The difference is that a

port in this mode also permits

frames from one user

whose MAC address contains a specified OUI (organizationally unique identifier).

For wired users, the port performs 802.1X authentication upon receiving 802.1X frames, and performs

OUI check upon receiving non-802.1X frames.

Perform MAC authentication

macAddressWithRadius: A port in this mode performs MAC authentication and services multiple

users.

Perform a combination of MAC authentication and 802.1X authentication

1) macAddressOrUserLoginSecure

This mode is the combination of the macAddressWithRadius and userLoginSecure modes.

For wired users, the port performs MAC authentication upon receiving non-802.1X frames and

performs 802.1X authentication upon receiving 802.1X frames.

2) macAddressOrUserLoginSecureExt