359
•
Advanced
mode
—Port security supports 802.1X and MAC authentication. Different port
security modes represent different combinations of the two methods.
describes the advanced security modes.
Table 123 Advanced security modes
Advanced mode
Description
MAC-Auth
A port performs MAC authentication for users. It services multiple users.
802.1X Port Based
A port performs 802.1X authentication and implements port-based access
control.
In this mode, a port can service multiple 802.1X users. If one 802.1X user
passes authentication, all the other 802.1X users of the port can access
the network without authentication.
In this mode, neither outbound restriction nor intrusion protection will be
triggered.
802.1X Single Host
A port performs 802.1X authentication and implements MAC-based
access control. It services only one user passing 802.1X authentication.
802.1X MAC Based
A port performs 802.1X authentication of users and implements
MAC-based access control. The port in this mode supports multiple online
802.1X users.
802.1X MAC Based Or
OUI
Similar to the 802.1X Single Host mode, a port in this mode performs
802.1X authentication of users and allows only one 802.1X user to access
at a time.
•
The port also permits frames from a wired terminal whose MAC
address contains a specific OUI.
•
For frames from a wireless user, the port performs OUI check at first.
If the OUI check fails, the port performs 802.1X authentication.
MAC-Auth Or 802.1X
Single Host
This mode is the combination of the 802.1X Single Host and MAC-Auth
modes, with 802.1X authentication having higher priority.
•
For wired users, the port performs MAC authentication upon receiving
non-802.1X frames and performs 802.1X authentication upon
receiving 802.1X frames.
•
For wireless users, 802.1X authentication is performed first. If 802.1X
authentication fails, MAC authentication is performed.
MAC-Auth Or 802.1X
MAC Based
Similar to the MAC-Auth Or 802.1X Single Host mode, except that it
supports multiple 802.1X and MAC authentication users on the port.
MAC-Auth Else 802.1X
Single Host
This mode is the combination of the MAC-Auth and 802.1X Single Host
modes, with MAC authentication having higher priority.
•
A port in this mode performs only MAC authentication for non-802.1X
frames.
•
For 802.1X frames, the port performs MAC authentication and then, if
MAC authentication fails, 802.1X authentication.
MAC-Auth Else 802.1X
MAC Based
Similar to the MAC-Auth Else 802.1X Single Host mode, except that it
supports multiple 802.1X and MAC authentication users on the port.
The maximum number of users a port supports equals the maximum number of secure MAC
addresses that port security allows or the maximum number of concurrent users the authentication
mode in use allows, whichever is smaller.
An OUI is a 24-bit number that uniquely identifies a vendor, manufacturer, or organization. In MAC
addresses, the first three octets are the OUI.
Summary of Contents for FlexNetwork NJ5000
Page 12: ...x Index 440 ...
Page 39: ...27 Figure 16 Configuration complete ...
Page 67: ...55 Figure 47 Displaying the speed settings of ports ...
Page 78: ...66 Figure 59 Loopback test result ...
Page 158: ...146 Figure 156 Creating a static MAC address entry ...
Page 183: ...171 Figure 171 Configuring MSTP globally on Switch D ...
Page 243: ...231 Figure 237 IPv6 active route table ...