Support for wlan – H3C Technologies H3C WX3000E Series Wireless Switches User Manual

This mode is the combination of the macAddressWithRadius and userLoginSecure modes.

• For wired users, the port performs MAC authentication upon receiving non-802.1X frames and performs 802.1X authentication upon receiving 802.1X frames.

• For wireless users, the port performs 802.1X authentication first. If 802.1X authentication fails, MAC authentication is performed.

2. macAddressOrUserLoginSecureExt

This mode is similar to the macAddressOrUserLoginSecure mode except that a port in this mode supports multiple 802.1X and MAC authentication users.

3. macAddressElseUserLoginSecure

This mode is the combination of the macAddressWithRadius and userLoginSecure modes, with MAC authentication having a higher priority, as the Else keyword implies.

For non-802.1X frames, a port in this mode performs only MAC authentication. For 802.1X frames, it performs MAC authentication and then, if the authentication fails, 802.1X authentication.

4. macAddressElseUserLoginSecureExt

This mode is similar to the macAddressElseUserLoginSecure mode except that a port in this mode supports multiple 802.1X and MAC authentication users, as the keyword Ext implies.

NOTE:

An OUI, as defined by the Institute of Electrical and Electronics Engineers (IEEE), is the first 24 bits of the MAC address, which uniquely identifies a device vendor.

The maximum number of users a port supports equals the maximum number of MAC addresses that port security allows or the maximum number of concurrent users the authentication mode in use allows, whichever is smaller. For example, if 802.1X allows more concurrent users than port security's limit on the number of MAC addresses on the port in userLoginSecureExt mode, port security's limit takes effect.

Support for WLAN

Table 11 describes the port security modes that apply only to WLAN ports. These port security modes implement wireless access security at the link layer.

Table 11 Port security modes for WLAN ports

| Security mode | Description | Features that can be triggered |
|---|---|---|
| presharedKey | In this mode, a user must use a pre-configured static key, also called "the pre-shared key (PSK)," to negotiate the session key with the device and can access the port only after the negotiation succeeds. | NTK/intrusion protection |
| macAddressAndPresharedKey | In this mode, a user must pass MAC authentication and then use the pre-configured PSK to negotiate with the device. Only when the negotiation succeeds can the user access the device. | |
| userLoginSecureExtOrPresharedKey | In this mode, a user interacts with the device, choosing to undergo the userLoginSecure mode or using the PSK to negotiate with the device. | |

PSK users refer to users that have passed authentication in presharedKey mode. The maximum number of PSK users on a port varies with security modes.