Security Management
14.
In this chapter, examples are provided for the following topics:
•
Port Security
•
Set the Dynamic and Static Limit on Port 1/0/1
•
Convert the Dynamic Address Learned from 1/0/1 to a Static Address
•
Create a Static Address
•
Protected Ports
•
802.1x Port Security
•
Create a Guest VLAN
•
Assign VLANs Using RADIUS
•
Dynamic ARP Inspection
•
Static Mapping
•
DHCP Snooping
•
Enter Static Binding into the Binding Database
•
Maximum Rate of DHCP Messages
•
IP Source Guard
Port Security
Port Security helps secure the network by preventing unknown devices from forwarding
packets. When a link goes down, all dynamically locked addresses are freed. The port
security feature offers the following benefits:
•
You can limit the number of MAC addresses on a given port. Packets that have a
matching MAC address (secure packets) are forwarded; all other packets (unsecure
packets) are restricted.
•
You can enable port security on a per port basis.
Port security implements two traffic filtering methods, dynamic locking and static locking.
These methods can be used concurrently.
•
Dynamic locking. You can specify the maximum number of MAC addresses that can be
learned on a port. The maximum number of MAC addresses is platform dependent and is
on page 230
on page 230
on page 237
on page 243
on page 248
on page 254
on page 260
on page 262
on page 268
on page 227
on page 265
on page 266
Chapter 14. Security Management
14
on page 229
| 226