h3cSecurePortMode
1.3.6.1.4.1.43.45.1.10.2.26.1.2.1.1.1
Determines the learning and security modes of the port.
See h3cSecureNeedToKnowMode and h3cSecureIntrusionAction to
configure Need To Know and Intrusion Action on each port.
(When in a learning mode, h3cSecureNumberAddresses determines the maximum
number of addresses that can be learned on the port. This is set
by the user.)
noRestrictions(1) All of the security features are disabled.
continuousLearning(2) Addresses are learned continually. If more
addresses are learned than are permitted on the
port, then one of the older entries will be aged
out. Need To Know and Intrusion Action depends on
h3cSecureNeedToKnowMode and h3cSecureIntrusionAction
respectively.
autoLearn(3) All addresses for this port are deleted, and then
addresses are learned up to the number permitted.
h3cSecurePortMode is then set to secure. Need To
Know and Intrusion Action depends on
h3cSecureNeedToKnowMode and h3cSecureIntrusionAction
respectively.
secure(4) Learning is disabled. Need To Know and Intrusion
Action depends on h3cSecureNeedToKnowMode and
h3cSecureIntrusionAction respectively.
userLogin(5) Access to the port is denied until the port client is
authorised (by 802.1X or other authentication mechanism).
Once authorised, traffic will be accepted from any MAC
address. The Need To Know and Intrusion Action are ignored.
userLoginSecure(6) Access to the port is denied until the port client
is authorised (by 802.1X or other authentication mechanism).
When the client is authorised, the MAC address is added to the
Secure Address Table.
The h3cSecureMaximumAddresses is set to one automatically when
this mode is entered. Any existing MAC addresses in the Secure
Address Table are deleted. Need To Know and Intrusion Action
depends on h3cSecureNeedToKnowMode and h3cSecureIntrusionAction
respectively. Learning is disabled.
userLoginWithOUI(7) This mode is similar to the userLoginSecure mode
except that a second MAC address may be placed in the Secure
Address Table. This second address is authorised based on the
MAC address OUI value.
If a new device with an authorised OUI value is discovered,
the previous entry is deleted. Traffic from the
OUI authorised device will be accepted even if the user has
not been authenticated. Need To Know and Intrusion Action
depends on h3cSecureNeedToKnowMode and h3cSecureIntrusionAction
respectively.
macAddressWithRadius(8) This selects the RADIUS Authenticated Login using
MAC-address (RALM) security mode on the port. This feature controls
network access of a host based on authenticating its MAC
address. Once authorised, the host is allowed access to the
network. If unauthorised, the port can be configured to deny
access to this MAC address or to allow some access depending
upon the port VLAN and QoS configuration.
Where access is allowed, the MAC address is added to the Secure
Address Table.
macAddressOrUserLoginSecure(9) This selects both the macAddressWithRadius and
userLoginSecure modes together such that either or both are allowed to
authorised access. Where both authorised access, userLoginSecure takes
precedence.
macAddressElseUserLoginSecure(10) This selects both the macAddressWithRadius and
userLoginSecure modes together such that the MAC address is first
authenticated and only if this fails does the userLoginSecure then attempt
user authentication.
userLoginSecureExt(11) Access to the port is denied until the port client
is authorised (by 802.1X or other authentication mechanism).
When the client is authorised, the MAC address is added to the
Secure Address Table.
The h3cSecureNumberAddresses is restricted by the value of h3cSecureMaximumAddresses
automatically when this mode is entered.
Any existing MAC addresses in the Secure Address Table are deleted.
Need To Know and Intrusion Action depends on h3cSecureNeedToKnowMode
and h3cSecureIntrusionAction respectively. Learning is disabled.
macAddressOrUserLoginSecureExt(12) This selects both the macAddressWithRadius and
userLoginSecureExt modes together such that either or both are allowed to
authorised access. Where both authorised access, userLoginSecure takes
precedence.
macAddressElseUserLoginSecureExt(13) This selects both the macAddressWithRadius and
userLoginSecureExt modes together such that the MAC address is first
authenticated and only if this fails does the userLoginSecure then attempt
user authentication.
macAddressAndUserLoginSecure(14) This selects both the macAddressWithRadius and
userLoginSecure modes together such that the MAC address is first
authenticated and only if this succeeds does the userLoginSecure then attempt
user authentication.
macAddressAndUserLoginSecureExt(15) This selects both the macAddressWithRadius and
userLoginSecureExt modes together such that the MAC address is first
authenticated and only if this succeeds does the userLoginSecure then attempt
user authentication.