Port security configuration
This chapter includes these sections:
• Port security overview
• Port security configuration task list
• Enabling port security
• Setting the maximum number of secure MAC addresses
• Setting the port security mode
• Configuring port security features
• Configuring secure MAC addresses
• Ignoring authorization information from the server
• Displaying and maintaining port security
• Port security configuration examples
• Troubleshooting port security
Port security overview
Port security is a MAC address-based security mechanism for network access control. It extends the existing 802.1X authentication and MAC authentication. It prevents unauthorized devices from accessing the network by checking the source MAC address of inbound traffic, and it prevents access to unauthorized devices by checking the destination MAC address of outbound traffic.
Port security enables you to control MAC address learning and authentication on ports, so that the port learns legal source MAC addresses.
With port security enabled, a frame is considered illegal if its source MAC address cannot be learned by the device in a security mode. An event in which a user does not pass 802.1X authentication or MAC authentication is also considered illegal.
Upon detecting illegal frames or events, the device automatically takes the pre-defined action. This enhances system security while greatly reducing your maintenance burden.
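The following is an added example, not HP code or device behavior taken from this chapter: a simplified Python model of the two checks described above. It assumes a source MAC "cannot be learned" once a per-port limit of secure MAC addresses is reached; the class, the limit, the event log that stands in for the pre-defined action, and the sample frames are all constructed for illustration.

```python
from dataclasses import dataclass, field

@dataclass
class SecurePort:
    """Simplified model of one port with port security enabled."""
    max_secure_macs: int                       # assumed per-port limit
    secure_macs: set = field(default_factory=set)
    illegal_frames: list = field(default_factory=list)

    def inbound(self, src_mac: str) -> bool:
        """Check the source MAC of an inbound frame, learning it if possible."""
        src = src_mac.lower()                  # MAC comparison is case-insensitive
        if src in self.secure_macs:
            return True
        if len(self.secure_macs) < self.max_secure_macs:
            self.secure_macs.add(src)          # learned as a legal source MAC
            return True
        # Source MAC cannot be learned: the frame is illegal. Recording it
        # stands in for the device's pre-defined action (an assumption).
        self.illegal_frames.append(src)
        return False

    def outbound(self, dst_mac: str) -> bool:
        """Forward an outbound frame only to a known (legal) destination MAC."""
        return dst_mac.lower() in self.secure_macs

def replay(port: SecurePort, frames):
    """Run (direction, mac) pairs through the port; return per-frame verdicts."""
    return [port.inbound(mac) if direction == "in" else port.outbound(mac)
            for direction, mac in frames]

# Constructed sample traffic for a port limited to two secure MAC addresses.
SAMPLE_FRAMES = [
    ("in",  "00:11:22:33:44:01"),   # learned
    ("in",  "00:11:22:33:44:02"),   # learned, limit now reached
    ("in",  "00:11:22:33:44:03"),   # cannot be learned: illegal frame
    ("out", "00:11:22:33:44:01"),   # destination is a secure MAC
    ("out", "00:11:22:33:44:03"),   # destination is not authorized
    ("in",  "00:11:22:33:44:01".upper()),  # already learned, different case
]

def demo():
    port = SecurePort(max_secure_macs=2)
    return replay(port, SAMPLE_FRAMES), port.illegal_frames

if __name__ == "__main__":
    verdicts, illegal = demo()
    for (direction, mac), ok in zip(SAMPLE_FRAMES, verdicts):
        print(f"{direction:3} {mac}  {'permit' if ok else 'deny'}")
    print("illegal frames:", illegal)
```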
NOTE:
The security modes of the port security feature provide extended and combined use of 802.1X
authentication and MAC authentication. They apply to scenarios that require both 802.1X authentication
and MAC authentication. For scenarios that require only 802.1X authentication or MAC authentication,
HP recommends you configure 802.1X authentication or MAC authentication rather than port security.
For information about 802.1X and MAC authentication, see the chapters "802.1X configuration" and
"MAC authentication configuration."