Support for guest vlan and auth-fail vlan, Port security configuration task list – H3C Technologies H3C WX3000E Series Wireless Switches User Manual
Page 239

225
•
In presharedKey mode, the maximum number of PSK users on the port is the port specification limit
on the number of wireless users or port security's limit on the number of MAC addresses, whichever
is smaller. The actual maximum number of PSK users on the port also depends on the total number
of PSK users that the system can support. For more information, see About the WX Series Access
Controllers Command References.
•
In macAddressAndPresharedKey mode, the maximum number of PSK users on the port is the MAC
authentication feature's limit on the number of concurrent users or port security's limit on the number
of MAC addresses, whichever is smaller. The actual maximum number of PSK users on the port also
depends on the total number of PSK users that the system can support.
•
In userLoginSecureExtOrPresharedKey mode, the number of PSK users on the port cannot exceed
the port limit on the number of wireless users, the number of 802.1X users cannot exceed the 802.1X
feature's limit on the number of concurrent users, and the total number of PSK and 802.1X users
cannot exceed port security's limit on the number of MAC addresses on the port. The maximum
number of PSK or 802.1X users also depends on the system specification.
CAUTION:
Do not configure static MAC address entries for wireless users that use the 802.1X or MAC authentication
service. If the source MAC address and the VLAN of a wireless user match a static MAC address entry in
the MAC address table, the user cannot pass 802.1X authentication or MAC authentication.
Support for guest VLAN and Auth-Fail VLAN
An 802.1X guest VLAN is the VLAN that a user is in before initiating authentication. An 802.1X Auth-Fail
VLAN or a MAC authentication guest VLAN is the VLAN that a user is in after failing authentication.
•
You can use the 802.1X guest VLAN and 802.1X Auth-Fail VLAN features together with port security
modes that support 802.1X authentication. For more information about the 802.1X guest VLAN and
Auth-Fail VLAN on a port that performs MAC-based access control, see "Configuring 802.1X."
•
You can use the MAC authentication VLAN feature together with security modes that support MAC
authentication. For more information about the MAC authentication guest VLAN, see "Configuring
MAC authentication."
•
If you configure both an 802.1X Auth-Fail VLAN and a MAC authentication guest VLAN on a port
that performs MAC-based access control, the 802.1X Auth-Fail VLAN has a higher priority.
Port security configuration task list
Task Remarks
Required.
Setting port security's limit on the number of MAC addresses on a port
Optional.
Setting the port security mode
Required.
Configuring port security
features
Optional.
Configure one or more features
as required.
Configuring intrusion protection
Configuring port security
for WLAN ports
Setting the port security mode of a WLAN port
Required for WLAN ports.
- H3C WX5500E Series Access Controllers H3C WX3500E Series Access Controllers H3C WX2500E Series Access Controllers H3C WX6000 Series Access Controllers H3C WX5000 Series Access Controllers H3C LSWM1WCM10 Access Controller Module H3C LSUM3WCMD0 Access Controller Module H3C LSUM1WCME0 Access Controller Module H3C LSWM1WCM20 Access Controller Module H3C LSQM1WCMB0 Access Controller Module H3C LSRM1WCM2A1 Access Controller Module H3C LSBM1WCM2A0 Access Controller Module H3C WA3600 Series Access Points H3C WA2600 Series WLAN Access Points H3C S10500 Series Switches H3C S5800 Series Switches H3C S5820X Series Switches H3C S12500 Series Switches H3C S9500E Series Switches H3C MSR 5600 H3C MSR 50 H3C MSR 3600 H3C MSR 30 H3C MSR 2600 H3C MSR 20-2X[40] H3C MSR 20-1X H3C MSR 930 H3C MSR 900 H3C SR8800 H3C SR6600-X H3C SR6600 H3C SecPath F5020 H3C SecPath F5040 H3C VMSG VFW1000