Table of Contents
Advertisement
DES-3228PA Embedded Web System User Guide
Managing Port Security
Network security can be increased by limiting access on a specific port only to users with specific MAC addresses.
The MAC addresses can be dynamically learned or statically configured. Locked port security monitors both
received and learned packets that are received on specific ports. Access to the locked port is limited to users with
specific MAC addresses. These addresses are either manually defined on the port, or learned on that port up to
the point when it is locked. When a packet is received on a locked port, and the packet D-Link source MAC
address is not tied to that port (either it was learned on a different port, or it is unknown to the system), the protec-
tion mechanism is invoked, and can provide various options. Unauthorized packets arriving at a locked port are
either:
•
Forwarded
•
Discarded with no trap
•
Discarded with a trap
•
Shuts down the port.
Locked port security also enables storing a list of MAC addresses in the configuration file. The MAC address list
can be restored after the device has been reset.
Disabled ports are activated from the Port Security Page. To define port security:
1.
Click Advanced Setup > Security Suite > Traffic Control > Port Security. The Port Security Page opens.
Figure 80: Port Security Page
The Port Security Page contains the following fields:
•
Unit No. — Displays the stacking member's unit number.
•
Interface — Displays the port or LAG name.
•
Interface Status — Indicates the host status. The possible field values are:
–
Unauthorized — Indicates that the port control is Force Unauthorized, the port link is down or the port
control is Auto, but a client has not been authenticated via the port.
Page 135
Advertisement
Table of Contents
