Port Security
Network security can be increased by limiting access on a port to users with specific MAC
addresses. The MAC addresses can be either dynamically learned or statically configured.
Port security monitors received and learned packets. Access to locked ports is limited to users
with specific MAC addresses.
Port Security has two modes:
• Classic Lock—All learned MAC addresses on the port are locked, and the port does not
learn any new MAC addresses. The learned addresses are not subject to aging or
relearning.
• Limited Dynamic Lock—The device learns MAC addresses up to the configured limit of
allowed addresses. After the limit is reached, the device does not learn additional
addresses. In this mode, the addresses are subject to aging and relearning.
When a frame from a new MAC address is detected on a port where it is not authorized (the port is
classically locked, and there is a new MAC address, or the port is dynamically locked, and the
maximum number of allowed addresses has been exceeded), the protection mechanism is invoked,
and one of the following actions can take place:
• Frame is discarded
• Frame is forwarded
• Port is shut down
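The difference between the two modes shows up once aging is involved. The following Python model is an added illustration, not code or configuration from the device or its vendor; the class name, the 300-second aging time, the result strings and the sample MAC addresses are assumptions made for the example.

```python
from dataclasses import dataclass, field

CLASSIC, LIMITED = "classic-lock", "limited-dynamic-lock"

@dataclass
class LockedPort:
    """Simplified model of one locked port (hypothetical, for illustration)."""
    mode: str
    action: str = "discard"      # "discard", "forward" or "shutdown"
    max_addrs: int = 1           # limit used by limited dynamic lock
    aging_s: int = 300           # assumed aging time in seconds
    table: dict = field(default_factory=dict)   # MAC -> time last seen
    up: bool = True

    def receive(self, mac: str, now: int) -> str:
        if not self.up:
            return "port-down"
        if self.mode == LIMITED:
            # Entries age out in this mode, which frees room for relearning.
            self.table = {m: t for m, t in self.table.items()
                          if now - t < self.aging_s}
        if mac in self.table:
            if self.mode == LIMITED:
                self.table[mac] = now            # refresh the aging timer
            return "authorized"
        if self.mode == LIMITED and len(self.table) < self.max_addrs:
            self.table[mac] = now
            return "learned"
        # New MAC on a classically locked port, or limit exceeded: violation.
        if self.action == "shutdown":
            self.up = False
        return "violation:" + self.action

def demo():
    a, b = "00:00:5e:00:53:01", "00:00:5e:00:53:02"   # constructed sample MACs
    # Classic lock: 'a' was learned before the lock and never ages out.
    classic = LockedPort(CLASSIC, "discard", table={a: 0})
    # Limited dynamic lock: one address allowed, violations shut the port.
    limited = LockedPort(LIMITED, "shutdown", max_addrs=1)
    return {
        "classic": [classic.receive(a, 10_000), classic.receive(b, 10_001)],
        "limited": [limited.receive(a, 0),     # first address is learned
                    limited.receive(b, 400),   # 'a' aged out, 'b' takes the slot
                    limited.receive(a, 401),   # limit reached: violation
                    limited.receive(b, 402)],  # port is already shut down
    }

if __name__ == "__main__":
    for mode, results in demo().items():
        print(mode, results)
```

In the limited run, the second address is accepted only because the first one aged out, which is why the limit alone does not pin a port to one specific device the way classic lock does.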