3com S7906E Instruccion De Instalación
1-4
z
Currently, port security supports two authentication methods: 802.1X and MAC authentication.
Different port security modes employ different authentication methods or different combinations of
authentication methods.
z
The maximum number of users a port supports is the lesser of the maximum number of secure
MAC addresses or the maximum number of authenticated users the security mode supports. For
example, in userLoginSecureExt mode, the maximum number of users a port supports is the lesser
of the maximum number of secure MAC addresses configured or the maximum number of users
that 802.1X supports.
z
Static MAC addresses are configured by using the mac-address static command. For details,
refer to MAC Address Table Commands in the System Volume.
These security mode naming rules may help you remember the modes:
z
userLogin specifies port-based 802.1X authentication.
z
macAddress specifies MAC address authentication.
z
Else specifies that the authentication method before Else is applied first. If the authentication fails,
the protocol type of the authentication request determines whether to turn to the authentication
method following the Else.
z
In a security mode with Or, the protocol type of the authentication request determines which
authentication method is to be used.
z
userLogin with Secure specifies MAC-based 802.1X authentication.
z
Ext indicates allowing multiple 802.1X users to be authenticated and get online. A security mode
without Ext allows only one 802.1X user to be authenticated and get online.
Support for Guest VLAN and Auth-Fail VLAN
An 802.1X guest VLAN is the VLAN that a user is in before initiating authentication. An 802.1X Auth-Fail
VLAN is the VLAN that a user is in after failing authentication.
For a security mode that supports 802.1X authentication, you can configure a MAC-based guest VLAN
(802.1X MGV) or a MAC-based Auth-Fail VLAN (MAFV). For details about 802.1X MGV and MAFV,
refer to 802.1X Configuration in the Security Volume.