Support for guest vlan and auth-fail vlan, Port security configuration task list – H3C Technologies H3C S7500E Series Switches User Manual
Page 173
9-5
This mode is similar to the macAddressOrUserLoginSecure mode except that a port in this mode
supports multiple 802.1X and MAC authentication users.
3) macAddressElseUserLoginSecure
This mode is the combination of the macAddressWithRadius and userLoginSecure modes, with MAC
authentication having a higher priority as the Else keyword implies.
For non-802.1X frames, a port in this mode performs only MAC authentication. For 802.1X frames, it
performs MAC authentication and then, if the authentication fails, 802.1X authentication.
4) macAddressElseUserLoginSecureExt
This mode is similar to the macAddressElseUserLoginSecure mode except that a port in this mode
supports multiple 802.1X and MAC authentication users as the keyword Ext implies.
z
The maximum number of users a port supports equals the maximum number of secure MAC
addresses or the maximum number of authenticated users the security mode supports, whichever
is smaller.
z
For description about how to configure MAC addresses, see MAC Address Table Configuration
Commands in the Layer 2 - LAN Switching Command Reference.
Support for Guest VLAN and Auth-Fail VLAN
An 802.1X guest VLAN is the VLAN that a user is in before initiating authentication. An 802.1X
Auth-Fail VLAN is the VLAN that a user is in after failing authentication.
For a security mode that supports 802.1X authentication, you can configure a MAC-based guest
VLAN (802.1X MGV) or a MAC-based Auth-Fail VLAN (MAFV). For details about 802.1X MGV and
MAFV, see 802.1X Configuration in the Security Configuration Guide.
Port Security Configuration Task List
Complete the following tasks to configure port security:
Task
Remarks
Required
Setting the Maximum Number of Secure MAC Addresses
Optional
Setting the Port Security Mode
Required
Configuring Intrusion Protection
Optional
Configure one or more
features as required.