Alcatel OS-LS-6224 User Manual page 173

port (either it was learned on a different port, or it is unknown to the system), the
protection mechanism is invoked, and can provide various options. When unauthorized
packets arrive at a locked port, one of the following actions is taken:
• The packets are forwarded
• The packets are discarded with no trap
• The packets are discarded with a trap
• The port is shut down
Port security allows you to configure a switch port with one or more device MAC
addresses that are authorized to access the network through that port.
When port security by MAC address is enabled on a port, the switch stops learning
new MAC addresses on the specified port when it has reached a configured
maximum number. Only incoming traffic with source addresses already stored in the
dynamic or static address table will be accepted as authorized to access the network
through that port. If a device with an unauthorized MAC address attempts to use the
switch port, the intrusion will be detected and the switch can automatically take
action by disabling the port and sending a trap message.
To use port security by MAC address, specify a maximum number of addresses to
allow on the port and then let the switch dynamically learn the <source MAC address,
VLAN> pair for frames received on the port. Note that you can also manually add
secure addresses to the port using the Static Address Table. When the port has
reached the maximum number of MAC addresses, the selected port will stop
learning. The MAC addresses already in the address table will be retained and will
not age out. Any other device that attempts to use the port will be prevented from
accessing the switch. Disabled ports are activated from the Port Security Page.
Ensure the following when configuring port security:
• A secure port has the following restrictions:
- It cannot use port monitoring.
- It cannot be used as a member of a static or dynamic trunk.
- It should not be connected to a network interconnection device.
• Configure a maximum address count for the port to allow access.
• The device supports the range of 1-128 MAC addresses on a locked port.
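The locking behaviour described above, modelled as an added Python example (it is not from the manual or the switch firmware). The class, method and value names are hypothetical, and it assumes the limit counts only dynamically learned entries and that the shut-down action also sends a trap.

```python
from dataclasses import dataclass, field
from enum import Enum

class Action(Enum):            # the four outcomes the manual lists for a locked port
    FORWARD = 1
    DISCARD = 2
    DISCARD_TRAP = 3
    SHUTDOWN = 4

@dataclass
class SecurePort:
    max_addresses: int                          # manual: 1-128 on a locked port
    action: Action = Action.DISCARD_TRAP
    static: set = field(default_factory=set)    # entries from the Static Address Table
    learned: set = field(default_factory=set)   # dynamically learned (MAC, VLAN) pairs
    enabled: bool = True
    traps: list = field(default_factory=list)

    def __post_init__(self):
        if not 1 <= self.max_addresses <= 128:
            raise ValueError("maximum address count must be in 1-128")

    def receive(self, mac: str, vlan: int) -> str:
        """Classify one incoming frame by its source (MAC, VLAN) pair."""
        if not self.enabled:
            return "port-down"
        key = (mac.lower(), vlan)
        if key in self.static or key in self.learned:
            return "forwarded"                  # already authorized
        if len(self.learned) < self.max_addresses:
            self.learned.add(key)               # still below the limit: learn it
            return "forwarded"
        if self.action is Action.FORWARD:       # limit reached: unauthorized source
            return "forwarded"
        if self.action in (Action.DISCARD_TRAP, Action.SHUTDOWN):
            self.traps.append(key)              # stands in for the trap message
        if self.action is Action.SHUTDOWN:
            self.enabled = False                # stays down until re-activated
        return "discarded"

    def reactivate(self) -> None:               # manual: done from the Port Security Page
        self.enabled = True

def demo():
    # Constructed sample frames: two hosts are learned, then an unknown one appears.
    port = SecurePort(max_addresses=2, action=Action.SHUTDOWN)
    frames = [("00:11:22:33:44:01", 10), ("00:11:22:33:44:02", 10),
              ("00:11:22:33:44:01", 10), ("00:11:22:33:44:99", 10),
              ("00:11:22:33:44:01", 10)]
    return [port.receive(m, v) for m, v in frames], port

if __name__ == "__main__":
    print(demo()[0])
```

Because entries are keyed on the (MAC, VLAN) pair, a known MAC arriving on a different VLAN counts as a new address in this model.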
Command Attributes
• Unit No. — Indicates the stacking member for which the port security information
is displayed.
• Interface — Indicates the port or LAG number.
• Interface Status — Indicates if the interface is locked or unlocked.
• Learning Mode — Defines the locked interface mode. The Learning Mode field is
enabled only if Locked is selected in the Set Port field. The possible field values
are:
• Classic Lock — Locks the port using the classic lock mechanism. The port is
immediately locked, regardless of the number of addresses that have already
been learned.
Configuring Traffic Control