3com 5500-ei pwr Reference Guide
1-16
Keyword
Security mode
Description
userlogin-secure userLoginSecure
In this mode, MAC-based 802.1x
authentication is applied on users trying to
access the network through the port. The port
will be enabled when the authentication
succeeds and allow packets from
authenticated users to pass through.
authentication is applied on users trying to
access the network through the port. The port
will be enabled when the authentication
succeeds and allow packets from
authenticated users to pass through.
In this mode, only one 802.1x-authenticated
user can access the network through the port.
user can access the network through the port.
When the security mode of the port changes
from noRestriction to this mode, the old
dynamic MAC address entries and
authenticated MAC address entries kept on
the port are deleted automatically.
from noRestriction to this mode, the old
dynamic MAC address entries and
authenticated MAC address entries kept on
the port are deleted automatically.
userlogin-secure-ext userLoginSecureExt
This mode is similar to the userLoginSecure
mode, except that in this mode, there can be
more than one 802.1x-authenticated user on
the port.
mode, except that in this mode, there can be
more than one 802.1x-authenticated user on
the port.
userlogin-secure-or-m
ac
ac
macAddressOrUserL
oginSecure
oginSecure
MAC address authentication and 802.1x
authentication can coexist on a port, with
802.1x authentication having higher priority.
authentication can coexist on a port, with
802.1x authentication having higher priority.
802.1x authentication can be applied on users
who have already passed MAC address
authentication.
who have already passed MAC address
authentication.
However, users who have already passed
802.1x authentication do not need to go
through MAC address authentication.
802.1x authentication do not need to go
through MAC address authentication.
In this mode, only one 802.1x-authenticated
user can access the network through the port.
However, there can be more than one
MAC-address-authenticated user on the port.
user can access the network through the port.
However, there can be more than one
MAC-address-authenticated user on the port.
userlogin-secure-or-m
ac-ext
ac-ext
macAddressOrUserL
oginSecureExt
oginSecureExt
This mode is similar to the
macAddressOrUserLoginSecure mode,
except that in this mode, there can be more
than one 802.1x-authenticated user on the
port.
macAddressOrUserLoginSecure mode,
except that in this mode, there can be more
than one 802.1x-authenticated user on the
port.
userlogin-withoui userLoginWithOUI
Similar to the userLoginSecure mode, in this
mode, there can be only one
802.1x-authenticated user on the port.
However, the port also allows packets with the
OUI address to pass through.
mode, there can be only one
802.1x-authenticated user on the port.
However, the port also allows packets with the
OUI address to pass through.
When the security mode of the port changes
from noRestriction to this mode, the old
dynamic MAC address entries and
authenticated MAC address entries kept on
the port are deleted automatically.
from noRestriction to this mode, the old
dynamic MAC address entries and
authenticated MAC address entries kept on
the port are deleted automatically.
Description
Use the port-security port-mode command to set the security mode of the port.
Use the undo port-security port-mode command to restore the default mode.
By default, the port is in the noRestriction mode, namely access to the port is not restricted.