Port security traps, Port security modes – H3C Technologies H3C WX3000E Series Wireless Switches User Manual

222

Port security traps

You can configure the port security module to send traps for port security events such as login, logoff, and

MAC authentication. These traps help you monitor user behaviors.

Port security modes

Port security supports the following categories of security modes:

•

MAC learning control—Includes the secure mode. MAC address learning is disabled in secure

mode.

•

Authentication—Security modes in this category implement MAC authentication, 802.1X
authentication, or a combination of these two authentication methods.

Upon receiving a frame, the port in a security mode searches the MAC address table for the source MAC

address. If a match is found, the port forwards the frame. If no match is found, the port learns the MAC

address or performs authentication, depending on the security mode. If the frame is illegal, the port takes
the pre-defined NTK, intrusion protection, or trapping action.

Table 10

describes the port security modes and the security features.

Table 10 Port security modes

Purpose Security

mode

Features that can be

triggered

Turning off the port security
feature

noRestrictions (the default mode)
In this mode, port security is disabled on the port

and access to the port is not restricted.

—

Controlling MAC address
learning

secure

NTK/intrusion
protection

Performing 802.1X
authentication

userLogin —

userLoginSecure

NTK/intrusion
protection

userLoginSecureExt

userLoginWithOUI

Performing MAC authentication

macAddressWithRadius

NTK/intrusion
protection

Performing a combination of
MAC authentication and

802.1X authentication

Or

macAddressOrUserLoginSecure

NTK/intrusion
protection

macAddressOrUserLoginSecureExt

Else

macAddressElseUserLoginSecure

macAddressElseUserLoginSecureExt