Port Security Concepts - NETGEAR M4200 Software Administration Manual

Port Security Concepts

Port security helps to secure the network by preventing unknown devices from forwarding
packets. When a link goes down, all dynamically locked addresses are freed. The port
security feature offers the following benefits:
• You can limit the number of MAC addresses on a given port. Packets that have a
matching MAC address (secure packets) are forwarded; all other packets (unsecure
packets) are restricted.
• You can enable port security on a per port basis.
Port security implements two traffic filtering methods, dynamic locking and static locking.
These methods can be used concurrently.
• Dynamic locking. You can specify the maximum number of MAC addresses that can be
learned on a port. The maximum number of MAC addresses is platform-dependent and is
listed in the software release notes. After the limit is reached, additional MAC addresses
are not learned. Only frames with allowable source MAC addresses are forwarded.
Note: If you want to set a specific MAC address for a port, set the dynamic
entries to 0, then allow only packets with a MAC address matching the
MAC address in the static list.
Dynamically locked addresses can be converted to statically locked addresses.
Dynamically locked MAC addresses are aged out if another packet with that address is
not seen within the age-out time. You can set the time-out value. Dynamically locked
MAC addresses are eligible to be learned by another port. Static MAC addresses are not
eligible for aging.
• Static locking. You can manually specify a list of static MAC addresses for a port.
Dynamically locked addresses can be converted to statically locked addresses.
Managed Switches
Security Management
305