Port security modes, Autolearn mode vs. secure mode – H3C Technologies H3C S3600 Series Switches User Manual
Upon detection of illegal frames or events, the switch takes the pre-defined action automatically. While
enhancing system security, this reduces your maintenance efforts greatly.
Port Security Modes
By configuring a port of your switch to operate in an intended security mode, you can control how the
port learns source MAC addresses and thereby filters illegal packets.
Table 1-1 describes the port security modes.
Table 1-1 Description of port security modes

| On the port, if you want to… | Use the security mode… |
|---|---|
| Control MAC address learning | autoLearn, secure |
| Perform 802.1X authentication | userLogin, userLoginSecure, userLoginSecureExt, userLoginWithOUI |
| Perform MAC authentication | macAddressWithRadius |
| Perform a combination of MAC authentication and 802.1X authentication | And: macAddressAndUserLoginSecure, macAddressAndUserLoginSecureExt |
| | Else: macAddressElseUserLoginSecure, macAddressElseUserLoginSecureExt |
| | Or: macAddressOrUserLoginSecure, macAddressOrUserLoginSecureExt |

These security mode naming rules may help you remember the modes:
- userLogin specifies 802.1X authentication and port-based access control.
- userLogin with Secure specifies 802.1X authentication and MAC-based access control.
- macAddress specifies MAC authentication.
- And specifies that both MAC authentication and 802.1X authentication are required. A user can
  access the network only after passing both authentications.
- Else specifies that the authentication method before Else is applied first. If the authentication
  fails, whether to turn to the authentication method following Else depends on the protocol type of
  the authentication request.
- In a security mode with Or, which authentication method is to be used depends on the protocol
  type of the authentication request.
- Ext indicates allowing multiple 802.1X users to be authenticated and serviced at the same time.
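
The naming rules above, applied mechanically to the mode names in Table 1-1, as an added example that is not part of the H3C manual. The function names, the `rest` field and the sample port inventory are assumptions made for illustration; the parser works on the mode names as written on this page, not on switch CLI keywords.

```python
import re

# Mode names copied from Table 1-1 on this page.
TABLE_1_1 = [
    "autoLearn", "secure", "userLogin", "userLoginSecure", "userLoginSecureExt",
    "userLoginWithOUI", "macAddressWithRadius",
    "macAddressAndUserLoginSecure", "macAddressAndUserLoginSecureExt",
    "macAddressElseUserLoginSecure", "macAddressElseUserLoginSecureExt",
    "macAddressOrUserLoginSecure", "macAddressOrUserLoginSecureExt",
]

# One pattern for the naming rules; whatever they do not explain lands in "rest".
_RULES = re.compile(
    r"^(?:(?P<mac>macAddress)(?:(?P<comb>And|Else|Or)(?=UserLogin))?)?"
    r"(?:(?P<dot1x>[uU]serLogin)(?P<secure>Secure)?(?P<ext>Ext)?)?"
    r"(?P<rest>.*)$"
)

def decode(mode):
    """Apply the naming rules to one security mode name."""
    m = _RULES.match(mode)
    dot1x = bool(m["dot1x"])
    return {
        "dot1x": dot1x,                       # userLogin: 802.1X authentication
        "mac_auth": bool(m["mac"]),           # macAddress: MAC authentication
        # userLogin alone is port-based; userLogin with Secure is MAC-based.
        "access_control": None if not dot1x
                          else "MAC-based" if m["secure"] else "port-based",
        "combination": m["comb"],             # And / Else / Or, or None
        "multi_dot1x_users": bool(m["ext"]),  # Ext
        "rest": m["rest"] or None,            # e.g. WithOUI, or the whole name
    }

def ports_where(inventory, **wanted):
    """Ports whose decoded mode has every requested property value."""
    return sorted(port for port, mode in inventory.items()
                  if all(decode(mode)[k] == v for k, v in wanted.items()))

# Constructed sample inventory (hypothetical port names, not from the manual).
SAMPLE_INVENTORY = {
    "Ethernet1/0/1": "userLogin",
    "Ethernet1/0/2": "macAddressElseUserLoginSecureExt",
    "Ethernet1/0/3": "autoLearn",
    "Ethernet1/0/4": "macAddressAndUserLoginSecure",
}

if __name__ == "__main__":
    for name in TABLE_1_1:
        print(f"{name:34} {decode(name)}")
    print("both required:", ports_where(SAMPLE_INVENTORY, combination="And"))
```

The standalone secure mode is not the same token as the Secure suffix: it decodes with no authentication and the whole name in `rest`, matching its place in the table under MAC address learning.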
autoLearn mode vs. secure mode
- In autoLearn mode, a port can learn MAC addresses. These dynamically learned MAC addresses
  are secure MAC addresses. You can also configure secure MAC addresses by using the
  mac-address security command. A secure MAC address never ages out by default. When the
  number of secure MAC addresses reaches the upper limit, the port turns to secure mode. In