Security modes with the else keyword – H3C Technologies H3C S3600 Series Switches User Manual

1-5

Figure 1-2 Packet processing in a security mode with the And keyword

No

Succeed

The port in a security mode

with And receives a packet

Perform 802.1X

authentication

Is it an 802.1X packet?

Allow access to

authorized resources

Yes

Drop the packet

Fail

Fail

Succeed

Is the

source MAC in the MAC

address table?

Forward the packet

Yes

No

Perform MAC

authentication

Security modes with the Else keyword

z

macAddressElseUserLoginSecure: As the Else keyword implies, MAC authentication is applied

first. A port in this mode performs only MAC authentication for non-802.1X frames; it performs MAC

authentication for 802.1X frames and then, if the authentication fails, 802.1X authentication. The

port in this mode supports only one 802.1X online user, but supports multiple MAC authenticated

online users.

z

macAddressElseUserLoginSecureExt: Similar to the macAddressElseUserLoginSecure

mode except that the port in this mode services multiple 802.1X online users as the Ext keyword

implies

.

Figure 1-3

shows how the port processes packets in a security mode with the Else keyword.