System DescriptionH3C S3600 Series Ethernet Switches Chapter 3 Software Features3-16address. If found, the user is authenticated and the MAC address will be automaticallyadded to the corresponding port; if not, the authentication fails and the packet will bediscarded. This authentication method does not involve the client, the client’s own MACaddress is taken as its user name and password.3.9.7 MAC Address Learning LimitMAC address learning limit: limits the number of MAC addresses learned by anEthernet switch port. The number ranges from 0 to 4k. The static MAC addressesadded on the port are not affected.3.9.8 MAC Address and Port BindingAfter a MAC address is bound with a port, this MAC address can only access thenetwork through this port.3.9.9 DUD AuthenticationWith the disconnect unauthorized device (DUD) function enabled, the switch filters outall the traffic of a connected device once it detects that the device is unauthorized.3.9.10 MAC Address Black HoleOn a S3600 series switch, you can enable the black hole function and configure a blackhole list. When the switch receives a packet with a source or destination MAC addressin the black hole, it drops the packet.3.9.11 AAA/RADIUS/HWTACACSThe S3600 series support user authentication at the local or with RADIUS servers thatare based on 802.1x or its extension.I. AAAAAA is the abbreviation of Authentication, Authorization and Accounting. It provides auniform framework to configure the security functions including authentication,authorization, and accounting. Actually, it offers a way to control the network security,which can be implemented with RADIUSAAA performs the following services: Authentication: Authenticates if the user can access the network sever. Authorization: Authorizes the user with specified services. Accounting: Tracks the network resources consumed by users.