Setting the port security mode – H3C Technologies H3C WX3000 Series Unified Switches User Manual
Page 146
18-5
z
Assume that, in the macAddressOrUserLoginSecureExt port security mode, you have
configured to allow up to n authenticated users to access the network. When all of these n
authenticated users are connected to the network and one or more of them are MAC-authenticated,
to perform 802.1x authentication on the MAC-authenticated user(s), the number of maximum MAC
addresses allowed on the port must be set to n + 1. Similarly, in the case of the
macAddressOrUserLoginSecure
security mode, the maximum number of MAC addresses
allowed on the port must be set to 2.
z
In the macAddressAndUserLoginSecureExt port security mode, to allow up to n authenticated
users to be connected to the network at the same time and the nth user to be 802.1x-authenticated,
the maximum number of MAC addresses allowed on the port must be set to at least n + 1. Similarly,
in the case of the macAddressAndUserLoginSecure security mode, the maximum number of
MAC addresses allowed on the port must be set to 2.
Setting the Port Security Mode
Follow these steps to set the port security mode:
To do…
Use the command…
Remarks
Enter system view
system-view
—
Set the OUI value for
user authentication
port-security oui OUI-value index index-value
Optional
In userLoginWithOUI
mode, a port supports one
802.1x user plus one user
whose source MAC
address has a specified
OUI value.
Enter Ethernet port
view
interface
interface-type interface-number
—
Set the port security
mode
port-security port-mode
{ autolearn |
mac-and-userlogin-secure
|
mac-and-userlogin-secure-ext
| mac-authentication |
mac-else-userlogin-secure
|
mac-else-userlogin-secure-ext
| secure | userlogin |
userlogin-secure
| userlogin-secure-ext |
userlogin-secure-or-mac
|
userlogin-secure-or-mac-ext
| userlogin-withoui }
Required
By default, a port operates
in noRestriction mode. In
this mode, access to the
port is not restricted.
You can set a port security
mode as needed.