1x authentication – H3C Technologies H3C S3600 Series Switches User Manual

1-3

addition, you can configure dynamic MAC addresses by using the mac-address dynamic

command for a port in autoLearn mode.

z

In secure mode, MAC address learning is disabled on the port and you can configure static and

dynamic MAC addresses (by using the mac-address static or mac-address dynamic

command).

A port in autoLearn or secure mode allows only frames sourced from the MAC addresses that are in

the MAC address table to pass.

Figure 1-1

shows the packet processing on a port in autoLearn/secure mode and the mode transition.

Figure 1-1 Packet processing and mode transition in autoLearn mode and secure mode

Yes

Change the security

mode to

The port receives a

packet

secure mode

autoLearn mode

Forward the packet

Yes

Is the

source MAC in the MAC

address table?

Yes

Security mode?

Drop the packet

No

Is the source

MAC in the MAC

address table?

Is the max.

number of secure MAC

reached?

Save the source MAC as a

secure MAC address

No

Operate

In autoLearn

No

802.1X authentication

z

userLogin: A port performs 802.1X authentication and implements port-based access control.

z

userLoginSecure: A port performs 802.1X authentication for users and implements MAC-based

access control. The port services only one user passing 802.1X authentication.

z

userLoginSecureExt: Similar to the userLoginSecure mode except that this mode supports

multiple online 802.1X users.