Controlling mac address learning, Performing 802.1x authentication, Performing mac authentication – H3C Technologies H3C WX3000E Series Wireless Switches User Manual
TIP:
• userLogin specifies 802.1X authentication and port-based access control.
• macAddress specifies MAC authentication.
• Else specifies that the authentication method before Else is applied first. If the authentication fails, whether to turn to the authentication method following Else depends on the protocol type of the authentication request.
• Typically, in a security mode with Or, which authentication method is to be used depends on the protocol type of the authentication request. For wireless users, the network access device always uses 802.1X authentication first.
• userLogin with Secure specifies 802.1X authentication and MAC-based access control.
• Ext indicates allowing multiple 802.1X users to be authenticated and serviced at the same time. A security mode without Ext allows only one user to pass 802.1X authentication.
Controlling MAC address learning
1. secure
MAC address learning is disabled on a port in secure mode. You configure MAC addresses by using the
mac-address static and mac-address dynamic commands. For more information about configuring MAC
address table entries, see Layer 2 Configuration Guide.
A port in secure mode allows only frames sourced from manually configured MAC addresses to pass.
Performing 802.1X authentication
1. userLogin
A port in this mode performs 802.1X authentication and implements port-based access control.
The port can service multiple 802.1X users. If one 802.1X user passes authentication, all the other
802.1X users of the port can access the network without authentication.
2. userLoginSecure
A port in this mode performs 802.1X authentication and implements MAC-based access control.
The port services only one user passing 802.1X authentication.
3. userLoginSecureExt
This mode is similar to the userLoginSecure mode except that this mode supports multiple online
802.1X users.
4. userLoginWithOUI
This mode is similar to the userLoginSecure mode. The difference is that a port in this mode also
permits frames from one user whose MAC address contains a specific organizationally unique
identifier (OUI).
   ○ For wired users, the port performs 802.1X authentication upon receiving 802.1X frames, and
     performs OUI check upon receiving non-802.1X frames.
   ○ For wireless users, the port performs OUI check at first. If the OUI check fails, the port performs
     802.1X authentication.
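The difference between port-based and MAC-based access control in the secure, userLogin, userLoginSecure and userLoginSecureExt modes above, as an added Python model. It is not H3C code: the Port class, its methods, the audit helper and the sample MAC addresses are constructed for illustration, and the model treats any source MAC seen on the port as a user.

```python
# Added illustration, not H3C software: a simplified model of the access
# decisions described above. All names and MAC addresses are constructed.
A, B, C = "02:00:00:00:00:01", "02:00:00:00:00:02", "02:00:00:00:00:03"


class Port:
    MODES = ("secure", "userLogin", "userLoginSecure", "userLoginSecureExt")

    def __init__(self, mode, static_macs=()):
        if mode not in self.MODES:
            raise ValueError(f"unsupported mode: {mode}")
        self.mode = mode
        self.static_macs = {m.lower() for m in static_macs}  # manually configured
        self.online = set()  # source MACs that passed 802.1X on this port

    def dot1x_success(self, mac):
        """Record a successful 802.1X exchange; return True if the port accepts it."""
        mac = mac.lower()
        if self.mode == "secure":
            return False  # secure mode only checks configured MAC addresses
        if self.mode == "userLoginSecure" and self.online and mac not in self.online:
            return False  # without Ext, only one 802.1X user is serviced
        self.online.add(mac)
        return True

    def permits(self, mac):
        """Would a frame sourced from `mac` be allowed to pass?"""
        mac = mac.lower()
        if self.mode == "secure":
            return mac in self.static_macs
        if self.mode == "userLogin":
            # Port-based control: one authenticated user opens the port for all.
            return bool(self.online)
        # MAC-based control: only sources that authenticated themselves pass.
        return mac in self.online


def audit(mode, authenticated, probe):
    """Return True if `probe`, which never authenticated, gets access."""
    port = Port(mode)
    for mac in authenticated:
        port.dot1x_success(mac)
    return port.permits(probe)


if __name__ == "__main__":
    for mode in ("userLogin", "userLoginSecure", "userLoginSecureExt"):
        print(mode, "admits unauthenticated source:", audit(mode, [A], C))
```

Only userLogin reports that the unauthenticated source is admitted, which is the practical reason to prefer a mode with Secure on ports where several stations share one port.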
Performing MAC authentication
macAddressWithRadius: A port in this mode performs MAC authentication and services multiple users.
Performing a combination of MAC authentication and 802.1X authentication
1. macAddressOrUserLoginSecure