h3cSecurePortMode 1.3.6.1.4.1.43.45.1.10.2.26.1.2.1.1.1

Determines the learning and security modes of the port. See h3cSecureNeedToKnowMode and h3cSecureIntrusionAction to configure Need To Know and Intrusion Action on each port. (When in a learning mode, h3cSecureNumberAddresses determines the maximum number of addresses that can be learned on the port. This is set by the user.) noRestrictions(1) All of the security features are disabled. continuousLearning(2) Addresses are learned continually. If more addresses are learned than are permitted on the port, then one of the older entries will be aged out. Need To Know and Intrusion Action depends on h3cSecureNeedToKnowMode and h3cSecureIntrusionAction respectively. autoLearn(3) All addresses for this port are deleted, and then addresses are learned up to the number permitted. h3cSecurePortMode is then set to secure. Need To Know and Intrusion Action depends on h3cSecureNeedToKnowMode and h3cSecureIntrusionAction respectively. secure(4) Learning is disabled. Need To Know and Intrusion Action depends on h3cSecureNeedToKnowMode and h3cSecureIntrusionAction respectively. userLogin(5) Access to the port is denied until the port client is authorised (by 802.1X or other authentication mechanism). Once authorised, traffic will be accepted from any MAC address. The Need To Know and Intrusion Action are ignored. userLoginSecure(6) Access to the port is denied until the port client is authorised (by 802.1X or other authentication mechanism). When the client is authorised, the MAC address is added to the Secure Address Table. The h3cSecureMaximumAddresses is set to one automatically when this mode is entered. Any existing MAC addresses in the Secure Address Table are deleted. Need To Know and Intrusion Action depends on h3cSecureNeedToKnowMode and h3cSecureIntrusionAction respectively. Learning is disabled. userLoginWithOUI(7) This mode is similar to the userLoginSecure mode except that a second MAC address may be placed in the Secure Address Table. This second address is authorised based on the MAC address OUI value. If a new device with an authorised OUI value is discovered, the previous entry is deleted. Traffic from the OUI authorised device will be accepted even if the user has not been authenticated. Need To Know and Intrusion Action depends on h3cSecureNeedToKnowMode and h3cSecureIntrusionAction respectively. macAddressWithRadius(8) This selects the RADIUS Authenticated Login using MAC-address (RALM) security mode on the port. This feature controls network access of a host based on authenticating its MAC address. Once authorised, the host is allowed access to the network. If unauthorised, the port can be configured to deny access to this MAC address or to allow some access depending upon the port VLAN and QoS configuration. Where access is allowed, the MAC address is added to the Secure Address Table. macAddressOrUserLoginSecure(9) This selects both the macAddressWithRadius and userLoginSecure modes together such that either or both are allowed to authorised access. Where both authorised access, userLoginSecure takes precedence. macAddressElseUserLoginSecure(10) This selects both the macAddressWithRadius and userLoginSecure modes together such that the MAC address is first authenticated and only if this fails does the userLoginSecure then attempt user authentication. userLoginSecureExt(11) Access to the port is denied until the port client is authorised (by 802.1X or other authentication mechanism). When the client is authorised, the MAC address is added to the Secure Address Table. The h3cSecureNumberAddresses is restricted by the value of h3cSecureMaximumAddresses automatically when this mode is entered. Any existing MAC addresses in the Secure Address Table are deleted. Need To Know and Intrusion Action depends on h3cSecureNeedToKnowMode and h3cSecureIntrusionAction respectively. Learning is disabled. macAddressOrUserLoginSecureExt(12) This selects both the macAddressWithRadius and userLoginSecureExt modes together such that either or both are allowed to authorised access. Where both authorised access, userLoginSecure takes precedence. macAddressElseUserLoginSecureExt(13) This selects both the macAddressWithRadius and userLoginSecureExt modes together such that the MAC address is first authenticated and only if this fails does the userLoginSecure then attempt user authentication. macAddressAndUserLoginSecure(14) This selects both the macAddressWithRadius and userLoginSecure modes together such that the MAC address is first authenticated and only if this succeeds does the userLoginSecure then attempt user authentication. macAddressAndUserLoginSecureExt(15) This selects both the macAddressWithRadius and userLoginSecureExt modes together such that the MAC address is first authenticated and only if this succeeds does the userLoginSecure then attempt user authentication.

Informations

Access Type
readwrite noRestrictions(1), continuousLearning(2), autoLearn(3), secure(4), userLogin(5), userLoginSecure(6), userLoginWithOUI(7), macAddressWithRadius(8), macAddressOrUserLoginSecure(9), macAddressElseUserLoginSecure(10), userLoginSecureExt(11), macAddressOrUserLoginSecureExt(12), macAddressElseUserLoginSecureExt(13), macAddressAndUserLoginSecure(14), macAddressAndUserLoginSecureExt(15)

Parent

1.3.6.1.4.1.43.45.1.10.2.26.1.2.1.1 h3cSecurePortEntry