Configuring Port Security - Alcatel OmniStack LS 6248 User Manual

Os-ls-6200 series

Configuring Port Security

Network security can be increased by limiting access on a specific port to users
with specific MAC addresses. The MAC addresses can be dynamically learned or
statically configured. Locked port security monitors both received and learned
packets on specific ports. Access to the locked port is limited to
users with specific MAC addresses. These addresses are either manually defined
on the port, or learned on that port up to the point when it is locked. When a packet
is received on a locked port and the packet's source MAC address is not tied to that
port (either it was learned on a different port, or it is unknown to the system), the
protection mechanism is invoked and can provide various options. When an
unauthorized packet arrives at a locked port, one of the following occurs:
• The packet is forwarded
• The packet is discarded with no trap
• The packet is discarded with a trap
• The port is shut down
Port security allows you to configure a switch port with one or more device MAC
addresses that are authorized to access the network through that port.
When port security by MAC address is enabled on a port, the switch stops learning
new MAC addresses on the specified port when it has reached a configured
maximum number. Only incoming traffic with source addresses already stored in the
dynamic or static address table will be accepted as authorized to access the network
through that port. If a device with an unauthorized MAC address attempts to use the
switch port, the intrusion will be detected and the switch can automatically take
action by disabling the port and sending a trap message.
To use port security by MAC address, specify a maximum number of addresses to
allow on the port and then let the switch dynamically learn the <source MAC address,
VLAN> pair for frames received on the port. Note that you can also manually add
secure addresses to the port using the Static Address Table. When the port has
reached the maximum number of MAC addresses, the selected port will stop
learning. The MAC addresses already in the address table will be retained and will
not age out. Any other device that attempts to use the port will be prevented from
accessing the switch. Disabled ports are activated from the Port Security Page.
Ensure the following when configuring port security:
• A secure port has the following restrictions:
- It cannot use port monitoring.
- It cannot be used as a member of a static or dynamic trunk.
- It should not be connected to a network interconnection device.
• Configure a maximum address count for the port to allow access.
• The device supports the range of 1-128 MAC addresses on a locked port.
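The locked-port behaviour described above, modelled in Python as an added example (it is not from the manual and is not the switch's firmware or CLI). The class and method names are hypothetical, the MAC addresses are constructed, and the model assumes static entries count toward the configured maximum.

```python
from enum import Enum

class Action(Enum):              # the four outcomes the manual lists
    FORWARD = 1
    DISCARD = 2
    DISCARD_TRAP = 3
    SHUTDOWN = 4

class SecurePort:
    """Single-port model: a MAC learned on another port counts as unknown here."""
    def __init__(self, max_addresses, action, static=()):
        if not 1 <= max_addresses <= 128:
            raise ValueError("a locked port supports 1-128 MAC addresses")
        self.max_addresses, self.action = max_addresses, action
        # Assumption: static entries count toward the maximum.
        self.table = {(mac.lower(), vlan) for mac, vlan in static}
        self.enabled = True
        self.traps = []          # (MAC, VLAN) pairs that raised a trap

    def receive(self, src_mac, vlan):
        """Return True if the frame is accepted on this port."""
        if not self.enabled:
            return False
        pair = (src_mac.lower(), vlan)
        if pair in self.table:                       # already authorized
            return True
        if len(self.table) < self.max_addresses:     # still learning
            self.table.add(pair)
            return True
        # Port is locked and the source address is not tied to it.
        if self.action is Action.FORWARD:
            return True
        if self.action in (Action.DISCARD_TRAP, Action.SHUTDOWN):
            self.traps.append(pair)
        if self.action is Action.SHUTDOWN:
            self.enabled = False
        return False

    def reactivate(self):
        """Models re-enabling a disabled port from the Port Security Page."""
        self.enabled = True

def demo():
    # Constructed frames: two hosts are learned, then an unknown host appears.
    port = SecurePort(max_addresses=2, action=Action.SHUTDOWN)
    frames = [("00:11:22:33:44:01", 10), ("00:11:22:33:44:02", 10),
              ("00:11:22:33:44:99", 10), ("00:11:22:33:44:01", 10)]
    return [port.receive(mac, vlan) for mac, vlan in frames], port
```

With the shutdown action, the last frame in demo() is refused even though its source was learned, because the port stays disabled until it is reactivated.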
Command Attributes
• Unit No. — Indicates the stacking member for which the port security information
is displayed.