Port Security; Port Security Operation; Static Mac Address-Based Authorization; Ieee 802.1X Authentication - RuggedCom RuggedBackbone RX5000 User Manual

21. Port Security

21. Port Security
ROX™ Port Security provides the following features:
• Authorizing network access using Static MAC Address Table.
• Authorizing network access using IEEE 802.1X authentication.
• Configuring IEEE 802.1X authentication parameters.
• Detecting port security violation attempt and performing appropriate actions.

21.1. Port Security Operation

Port Security, or Port Access Control, provides the ability to filter or accept traffic from specific MAC
addresses.
Port Security works by inspecting the source MAC addresses of received frames and validating them
against the list of MAC addresses authorized on the port. Unauthorized frames will be filtered and,
optionally, the port that receives the frame will be shut down permanently or for a period of time.
Frames to unknown destination addresses will not be flooded through secure ports.
Port security is applied at the edge of the network in order to restrict admission to specific
devices. Do not apply port security on core switch connections.
ROX™ supports the MAC address authorization methods described below:

21.1.1. Static MAC address-based authorization

• With this method, the switch validates the source MAC addresses of received frames against the
contents in the Static MAC Address Table.
• ROX™ also supports a highly flexible Port Security configuration which provides a convenient means
for network administrators to use the feature in various network scenarios.
• A Static MAC address can be configured without a port number being explicitly specified. In this case,
the configured MAC address will be automatically authorized on the port where it is detected. This
allows devices to be connected to any secure port on the switch without requiring any reconfiguration.
• The switch can also be programmed to learn (and, thus, authorize) a preconfigured number of the first
source MAC addresses encountered on a secure port. This enables the capture of the appropriate
secure addresses when first configuring MAC address-based authorization on a port. Those MAC
addresses are automatically inserted into the Static MAC Address Table and remain there until
explicitly removed by the user.

21.1.2. IEEE 802.1X Authentication

The IEEE 802.1X standard defines a mechanism for port-based network access control and provides
a means of authenticating and authorizing devices attached to LAN ports.
Although 802.1X is mostly used in wireless networks, this method is also implemented in wired switches.
The 802.1X standard defines three major components of the authentication method: Supplicant,
Authenticator and Authentication server.
ROX™ v2.2 User Guide 201 RuggedBackbone™ RX5000