1-3Security mode Description FeatureuserLoginSecureMAC-based 802.1x authentication isperformed on the access user. The port isenabled only after the authenticationsucceeds. When the port is enabled, only thepackets of the successfully authenticated usercan pass through the port.In this mode, only one 802.1x-authenticateduser is allowed to access the port.When the port changes from thenoRestriction mode to this security mode, thesystem automatically removes the existingdynamic MAC address entries andauthenticated MAC address entries on theport.userLoginSecureExtThis mode is similar to the userLoginSecuremode, except that there can be more than one802.1x-authenticated user on the port.userLoginWithOUIThis mode is similar to the userLoginSecuremode, except that, besides the packets of thesingle 802.1x-authenticated user, the packetswhose source MAC addresses have aparticular OUI are also allowed to passthrough the port.When the port changes from the normal modeto this security mode, the systemautomatically removes the existingdynamic/authenticated MAC address entrieson the port.macAddressWithRadiusIn this mode, MAC address–basedauthentication is performed for access users.macAddressOrUserLoginSecureIn this mode, both MAC authentication and802.1x authentication can be performed, but802.1x authentication has a higher priority.802.1x authentication can still be performedon an access user who has passed MACauthentication.No MAC authentication is performed on anaccess user who has passed 802.1xauthentication.In this mode, there can be only one802.1x-authenticated user on the port, butthere can be several MAC-authenticatedusers.macAddressOrUserLoginSecureExtThis mode is similar to themacAddressOrUserLoginSecure mode,except that there can be more than one802.1x-authenticated user on the port. .macAddressElseUserLoginSecureIn this mode, a port performs MACauthentication or 802.1x authentication of anaccess user. If either authentication succeeds,the user is authenticated.In this mode, there can be only one802.1x-authenticated user on the port, butthere can be several MAC-authenticatedusers.In any of these modes, thedevice triggers the NTKand Intrusion Protectionfeatures upon detectingan illegal packet or illegalevent.
