Port Security; Overview - D-Link xStack DGS-3610 Series Configuration Manual

DGS-3610 Series Configuration Guide
Chapter 36 Port-Based Flow Control Configuration

You can use the show interfaces switchport command to view the protected port configuration.

DGS-3610# show interfaces gigabitethernet 0/3 switchport
Interface            Switchport Mode  Access Native Protected VLAN lists
-------------------  ---------- ----- ------ ------ --------- ----------
GigabitEthernet 0/3  enabled    Trunk 1      1      Enabled   ALL

36.3 Port Security

36.3.1 Overview

With port security, you can strictly control the input of a specific port by restricting which MAC addresses and, optionally, IP addresses may access the port on the device. After you configure security addresses for a secure port (a port on which port security is enabled), the port forwards only packets whose source addresses are among its security addresses. You can also limit the maximum number of security addresses on a port. If you set the maximum to 1 and configure one security address for the port, the workstation connected to this port (whose address is the configured secure MAC address) has exclusive use of all the bandwidth of the port.

To enhance security, you can bind the MAC address to an IP address as the security address. You can also designate the MAC address alone, without binding an IP address.

You can add security addresses to a port in the following ways:
- Manually configure all the security addresses of the port by using commands in interface configuration mode.
- Let the port learn the addresses automatically; learned addresses become security addresses on the port until the total number reaches the maximum value. Note, however, that automatically learned security addresses are not bound to an IP address. If a security address bound to an IP address has been configured on a port, no security address can be added to that port by automatic learning.
- Manually configure some security addresses and let the device learn the rest.

When a port is configured as a secure port and the maximum number of its security addresses is reached, a security violation occurs if the port receives a packet whose source address is not one of the security addresses on the port. You can handle security violations in the following ways:
- protect: When the maximum number of security addresses is reached, the secure port discards packets from unknown addresses (addresses that are not among the security addresses of the port). This is the default method for handling violations.
- restrict: When a violation occurs, the system sends a Trap notice.
- shutdown: When a violation occurs, the system disables the port and sends a Trap notice.
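The port security rules described in this overview (static and learned addresses, the maximum, IP binding, and the three violation modes) can be modelled in a few lines of Python. This is an added example, not D-Link code or switch CLI. The class and method names and the sample MAC and IP values are constructed, and the silent drop for an unknown source on a port that is not full but cannot learn is an assumption.

```python
from dataclasses import dataclass, field

@dataclass
class SecurePort:
    maximum: int                                  # max secure addresses on the port
    violation: str = "protect"                    # protect | restrict | shutdown
    secure: dict = field(default_factory=dict)    # source MAC -> bound IP, or None
    enabled: bool = True
    traps: list = field(default_factory=list)

    def add_static(self, mac, ip=None):           # manual entry, optional IP binding
        if mac not in self.secure and len(self.secure) >= self.maximum:
            raise ValueError("maximum number of secure addresses reached")
        self.secure[mac] = ip

    def receive(self, mac, ip=None):
        """Decide what happens to one ingress frame: forward, drop or port-down."""
        if not self.enabled:
            return "port-down"
        if mac in self.secure and self.secure[mac] in (None, ip):
            return "forward"
        full = len(self.secure) >= self.maximum
        ip_bound = any(b is not None for b in self.secure.values())
        if not full and not ip_bound:
            self.secure[mac] = None               # learned entries carry no IP binding
            return "forward"
        if full:                                  # violation: table full, unknown source
            if self.violation in ("restrict", "shutdown"):
                self.traps.append(f"violation on source {mac}")
            if self.violation == "shutdown":
                self.enabled = False
        # Assumption: not full but unable to learn (IP binding present) -> silent drop.
        return "drop"

def demo():
    a, b, c = "00:00:5e:00:53:01", "00:00:5e:00:53:02", "00:00:5e:00:53:03"  # constructed
    mixed = SecurePort(maximum=2, violation="restrict")     # one static, one learned
    mixed.add_static(a)
    r1 = [mixed.receive(m) for m in (a, b, c, b)]
    bound = SecurePort(maximum=3)                           # IP binding stops learning
    bound.add_static(a, ip="192.0.2.10")
    r2 = [bound.receive(*f) for f in ((b, "192.0.2.20"), (a, "192.0.2.10"), (a, "192.0.2.99"))]
    down = SecurePort(maximum=1, violation="shutdown")
    down.add_static(a)
    r3 = [down.receive(c), down.receive(a)]                 # legitimate host is cut off too
    return r1, len(mixed.traps), r2, r3, len(down.traps)

if __name__ == "__main__":
    print(demo())
```

The third scenario shows the operational cost of shutdown mode: after one violating frame the configured workstation also loses connectivity until the port is re-enabled.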
