Advertisement
Port Security Address
Maximum MAC Number
Sticky MAC
Port Protection
Port Isolation
With the port isolation function, the isolation between ports in the same VLAN can be realized. As long as the user adds the
port to the isolation group, the Layer 2 data isolation between the ports in the isolation group can be realized. The port
isolation function provides users with a safer and more flexible networking solution.
Note:
Due to software limitations, only one isolation group is currently supported, and the port isolation function is disabled by
default, that is, the port is added to the default isolation group . After joining , two-way isolation is performed between ports .
ACL
Access control list (ACL) is a collection of one or more rules. A rule is a judgment statement that describes the matching
conditions of a packet. These conditions can be the source address, destination address, port number, etc. of the packet. ACL
is essentially a packet filter, and the rule is the filter element of the filter. The device matches packets based on these rules,
Click to enable Port Security Address, by default is disabled.
Set the maximum number of MAC addresses to be learned by the interface , the value range is an
integer from 1 to 256 , and the default is 1 . After the maximum number is reached , if the switch
receives a packet whose source MAC address does not exist, regardless of whether the destination MAC
address exists, the switch considers that there is an attack by an illegal user, and will protect the
interface according to the port protection configuration (Protect, Restrict or Shutdown).
When the port security is enabled, the Sticky MAC function can be enabled, by default it's disabled .
When enabled, the interface will convert the learned secure dynamic MAC address into a Sticky MAC.
If the maximum number of MAC addresses has been reached, the MAC address in the non-sticky MAC
entry learned by the interface will be discarded , and a trap alarm will be reported according to the
interface protection mode configuration.
Set the protection action when the number of MAC addresses learned by the interface reaches the
maximum number or static MAC address flapping occurs .
There are three modes (Protect, Restrict or Shutdown), the default is Protect.
● Protect: Only discard the packets whose source MAC address does not exist, and does not report an
alarm.
● Restrict: Discard packets with nonexistent source MAC addresses and report an alarm.
● Shutdown: The interface state is set to error-down and an alarm is reported.
Note: By default, an interface will not automatically recover after being shut down, and the
interface can only be enabled by the network administrator under the interface. If you want the shut
down interface to be restored automatically , you can enable Port Auto Recovery function to
automatically restore the interface status to Up.
Port Security
Port Isolation
Advertisement
