h3cSecurePortMode

H3C-PORT-SECURITY-MIB · .1.3.6.1.4.1.2011.10.2.26.1.2.1.1.1

Object

column r/w Enumeration

Determines the learning and security modes of the port.
See h3cSecureNeedToKnowMode and h3cSecureIntrusionAction to
configure Need To Know and Intrusion Action on each port.
(When in a learning mode, h3cSecureNumberAddresses determines the maximum
number of addresses that can be learned on the port.  This is set
by the user.)
              
noRestrictions(1)    All of the security features are disabled.
              
continuousLearning(2)   Addresses are learned continually.  If more
    addresses are learned than are permitted on the
    port, then one of the older entries will be aged
    out.  Need To Know and Intrusion Action depends on
    h3cSecureNeedToKnowMode and h3cSecureIntrusionAction
    respectively.
              
autoLearn(3)      All addresses for this port are deleted, and then
    addresses are learned up to the number permitted.
    h3cSecurePortMode is then set to secure.  Need To
    Know and Intrusion Action depends on
    h3cSecureNeedToKnowMode and h3cSecureIntrusionAction
    respectively.
              
secure(4)      Learning is disabled. Need To Know and Intrusion
    Action depends on h3cSecureNeedToKnowMode and
    h3cSecureIntrusionAction respectively.
              
userLogin(5)   Access to the port is denied until the port client is
    authorised (by 802.1X or other authentication mechanism).
    Once authorised, traffic will be accepted from any MAC
    address.  The Need To Know and Intrusion Action are ignored.
              
userLoginSecure(6) Access to the port is denied until the port client
    is authorised (by 802.1X or other authentication mechanism).
    When the client is authorised, the MAC address is added to the
    Secure Address Table.
    The h3cSecureMaximumAddresses is set to one automatically when
    this mode is entered.  Any existing MAC addresses in the Secure
    Address Table are deleted.  Need To Know and Intrusion Action
    depends on h3cSecureNeedToKnowMode and h3cSecureIntrusionAction
    respectively.  Learning is disabled.
              
userLoginWithOUI(7) This mode is similar to the userLoginSecure mode
    except that a second MAC address may be placed in the Secure
    Address Table.  This second address is authorised based on the
    MAC address OUI value.
    If a new device with an authorised OUI value is discovered,
    the previous entry is deleted.  Traffic from the
    OUI authorised device will be accepted even if the user has
    not been authenticated.  Need To Know and Intrusion Action
    depends on h3cSecureNeedToKnowMode and h3cSecureIntrusionAction
    respectively.
              
macAddressWithRadius(8) This selects the RADIUS Authenticated Login using
    MAC-address (RALM) security mode on the port.  This feature controls
    network access of a host based on authenticating its MAC
    address.  Once authorised, the host is allowed access to the
    network.  If unauthorised, the port can be configured to deny
    access to this MAC address or to allow some access depending
    upon the port VLAN and QoS configuration.
    Where access is allowed, the MAC address is added to the Secure
    Address Table.
              
macAddressOrUserLoginSecure(9) This selects both the macAddressWithRadius and
    userLoginSecure modes together such that either or both are allowed to
    authorised access.  Where both authorised access, userLoginSecure takes
    precedence.
              
macAddressElseUserLoginSecure(10) This selects both the macAddressWithRadius and
    userLoginSecure modes together such that the MAC address is first
    authenticated and only if this fails does the userLoginSecure then attempt
    user authentication.
              
userLoginSecureExt(11) Access to the port is denied until the port client
    is authorised (by 802.1X or other authentication mechanism).
    When the client is authorised, the MAC address is added to the
    Secure Address Table.
    The h3cSecureNumberAddresses is restricted by the value of h3cSecureMaximumAddresses
    automatically when this mode is entered.
    Any existing MAC addresses in the Secure Address Table are deleted.
    Need To Know and Intrusion Action depends on h3cSecureNeedToKnowMode
    and h3cSecureIntrusionAction respectively.  Learning is disabled.
              
macAddressOrUserLoginSecureExt(12) This selects both the macAddressWithRadius and
    userLoginSecureExt modes together such that either or both are allowed to
    authorised access.  Where both authorised access, userLoginSecure takes
    precedence.
              
macAddressElseUserLoginSecureExt(13) This selects both the macAddressWithRadius and
    userLoginSecureExt modes together such that the MAC address is first
    authenticated and only if this fails does the userLoginSecure then attempt
    user authentication.
              
macAddressAndUserLoginSecure(14) This selects both the macAddressWithRadius and
    userLoginSecure modes together such that the MAC address is first
    authenticated and only if this succeeds does the userLoginSecure then attempt
    user authentication.
              
macAddressAndUserLoginSecureExt(15) This selects both the macAddressWithRadius and
    userLoginSecureExt modes together such that the MAC address is first
    authenticated and only if this succeeds does the userLoginSecure then attempt
    user authentication.

Context

MIB: H3C-PORT-SECURITY-MIB
OID: .1.3.6.1.4.1.2011.10.2.26.1.2.1.1.1
Type: column
Access: readwrite
Status: current
Parent: h3cSecurePortEntry
Table: h3cSecurePortTable
Siblings: 5

Syntax

Enumeration

Values & Constraints

Enumerated Values

`1`	noRestrictions
`2`	continuousLearning
`3`	autoLearn
`4`	secure
`5`	userLogin
`6`	userLoginSecure
`7`	userLoginWithOUI
`8`	macAddressWithRadius
`9`	macAddressOrUserLoginSecure
`10`	macAddressElseUserLoginSecure
`11`	userLoginSecureExt
`12`	macAddressOrUserLoginSecureExt
`13`	macAddressElseUserLoginSecureExt
`14`	macAddressAndUserLoginSecure
`15`	macAddressAndUserLoginSecureExt

Related Objects

Sibling Objects

Object	Type	Syntax	OID
h3cSecureNeedToKnowMode Attribute to determine which frames are to be forwarded to this port intact. 1 - Need To Know is not available. 2 - All frames. 3 - Frames addressed to the authoris…	column	Enumeration	`.1.3.6.1.4.1.2011.10.2.26.1.2.1.1.2`
h3cSecureIntrusionAction Attribute to determine the action if an unauthorised device transmits on this port.	column	Enumeration	`.1.3.6.1.4.1.2011.10.2.26.1.2.1.1.3`
h3cSecureNumberAddresses The maximum number of addresses that the port can learn or store. Reducing this number may cause some addresses to be deleted. This value is set by the user and cannot be automati…	column	SNMPv2-SMIInteger32	`.1.3.6.1.4.1.2011.10.2.26.1.2.1.1.4`
h3cSecureNumberAddressesStored The number of addresses that are currently in the AddressTable for this port. If this object has the same value as h3cSecureNumberAddresses, then no more addresses can be authori…	column	SNMPv2-SMIInteger32	`.1.3.6.1.4.1.2011.10.2.26.1.2.1.1.5`
h3cSecureMaximumAddresses This indicates the maximum value that h3cSecureNumberAddresses can be set to. It is dependent on the resources available so may change, eg. if resources are shared between ports,…	column	SNMPv2-SMIInteger32	`.1.3.6.1.4.1.2011.10.2.26.1.2.1.1.6`