beautypg.com

Controlling mac address learning, Performing 802.1x authentication – H3C Technologies H3C S6300 Series Switches User Manual

Page 160

background image

145

TIP:

userLogin specifies 802.1X authentication and port-based access control. userLogin with Secure
specifies 802.1X authentication and MAC-based access control. Ext indicates allowing multiple 802.1X
users to be authenticated and serviced at the same time. A security mode without Ext allows only one

user to pass 802.1X authentication.

macAddress specifies MAC authentication.

Else specifies that the authentication method before Else is applied first. If the authentication fails,
whether to turn to the authentication method following Else depends on the protocol type of the
authentication request.

Typically, in a security mode with Or, the authentication method to be used depends on the protocol type
of the authentication request. For wireless users, the network access device always use 802.1X

authentication first.

Controlling MAC address learning

autoLearn
A port in this mode can learn MAC addresses. The automatically learned MAC addresses are not
added to the MAC address table as dynamic MAC address, but to the secure MAC address table

as secure MAC addresses. You can also configure secure MAC addresses by using the
port-security mac-address security command.
A port in autoLearn mode allows frames sourced from secure MAC addresses and MAC addresses
configured by using the mac-address dynamic and mac-address static commands to pass.
When the number of secure MAC addresses reaches the upper limit, the port transitions to secure
mode.

secure
MAC address learning is disabled on a port in secure mode. You configure MAC addresses by
using the mac-address static and mac-address dynamic commands. For more information about

configuring MAC address table entries, see Layer 2—LAN Switching Configuration Guide.
A port in secure mode allows only frames sourced from secure MAC addresses and MAC

addresses configured by using the mac-address dynamic and mac-address static commands to
pass.

Performing 802.1X authentication

userLogin
A port in this mode performs 802.1X authentication and implements port-based access control.
The port can service multiple 802.1X users. Once an 802.1X user passes authentication on the

port, any subsequent 802.1X users can access the network through the port without
authentication.

userLoginSecure
A port in this mode performs 802.1X authentication and implements MAC-based access control.
The port services only one user passing 802.1X authentication.

userLoginSecureExt
This mode is similar to the userLoginSecure mode except that this mode supports multiple online
802.1X users.

userLoginWithOUI

This manual is related to the following products:
See also other documents in the category H3C Technologies Routers: