3Com Switch 7750 Series
Command Reference Guide – Port Security & Port Binding Chapter 1 Port Security Commands
1-12
Security
mode Description Feature
userlogin-
secure
The port is enabled only after an access user
passes the 802.1x authentication. When the port is
enabled, only the packets of the successfully
authenticated user can pass through the port.
In this mode, only one 802.1x-authenticated user
is allowed to access the port.
When the port changes from the normal mode to
this security mode, the system automatically
removes the existing dynamic MAC address
entries and authenticated MAC address entries on
the port.
userlogin-
withoui
This mode is similar to the userlogin-secure
mode, except that, besides the packets of the
single 802.1x-authenticated user, the packets
whose source MAC addresses have a particular
OUI are also allowed to pass through the port.
When the port changes from the normal mode to
this security mode, the system automatically
removes the existing dynamic/authenticated MAC
address entries on the port.
mac-authe
ntication In this mode, MAC address–based authentication
is performed for access users.
userlogin-
secure-or-
mac
In this mode, the two kinds of authentication in
mac-authentication and userlogin-secure
modes can be performed simultaneously. If both
kinds of authentication succeed, the
userlogin-secure mode takes precedence over
the mac-authentication mode.
userlogin-
secure-els
e-mac
In this mode, first the MAC-based authentication is
performed. If this authentication succeeds, the
mac-authentication mode is adopted, or else, the
authentication in userlogin-secure mode is
performed.
userlogin-
secure-ext
This mode is similar to the userlogin-secure
mode, except that there can be more than one
802.1x-authenticated user on the port.
userlogin-
secure-or-
mac-ext
This mode is similar to the
userlogin-secure-or-mac mode, except that
there can be more than one 802.1x-authenticated
user on the port.
userlogin-
secure-els
e-mac ext
This mode is similar to the
mac-else-userlogin-secure mode, except that
there can be more than one 802.1x-authenticated
user on the port.
In any of these
modes, the
device will trigger
NTK and
intrusion
protection upon
detecting an
illegal packet.