Section 8: Managing Device Security; Configuring Port Security - D-Link DWL-8600AP User Manual

D-Link UWS User Manual

Section 8: Managing Device Security

Use the features in the Security folder on the navigation tree menu to set management security parameters
for port, user, and server security.
The Security folder contains links to the following features:
•

"Configuring Port Security"

• "SSL/Secure HTTP Configuration"
• "Secure Shell (SSH) Configuration"
• "Configuring Port Security"
• "RADIUS Settings"
• "Port Access Control"
• "TACACS+ Settings"
Configuring Port Security
Port Security can be enabled on a per-port basis. When a port is locked, only packets with allowable source
MAC addresses can be forwarded. All other packets are discarded. A MAC address can be defined as allowable
by one of two methods: dynamically or statically. Note that both methods are used concurrently when a port
is locked.
Dynamic locking implements a "first arrival" mechanism for Port Security. You specify how many addresses can
be learned on the locked port. If the limit has not been reached, then a packet with an unknown source MAC
address is learned and forwarded normally. Once the limit is reached, no more addresses are learned on the
port. Any packets with source MAC addresses that were not already learned are discarded. Note that you can
effectively disable dynamic locking by setting the number of allowable dynamic entries to zero.
Static locking allows you to specify a list of MAC addresses that are allowed on a port. The behavior of packets
is the same as for dynamic locking: only packets with an allowable source MAC address can be forwarded.
To see the MAC addresses learned on a specific port, see
Database" on page 182.
Disabled ports can only be activated from the Configuring Ports page.
D-Link
Oct. 2015
"Configuring and Searching the Forwarding
Unified Wired and Wireless Access System
Managing Device Security
Page 373