What is the Internal Authentication Server?
The Internal Authentication Server (IAS) is a dedicated database for local
authentication of users for network access through 802.1X. In this database,
the switch maintains a list of username and password combinations to use for
802.1X authentication. You can manually create entries in the database, or
you can upload the IAS information to the switch.
If the authentication method for 802.1X is IAS, the switch uses the locally
stored list of username and passwords to provide port-based authentication to
users instead of using an external authentication server.
The IAS database does not handle VLAN assignments or DiffServ policy
What is Port Security?
The Port Security feature allows you to limit the number of source MAC
address that can be learned on a port. If a port reaches the configured limit,
any other addresses beyond that limit are not learned and the frames are
discarded. Frames with a source MAC address that has already been learned
will be forwarded.
The purpose of this feature, which is also known as port-MAC locking, is to
help secure the network by preventing unknown devices from forwarding
packets into the network. For example, to ensure that only a single device can
be active on a port, you can set the number of allowable dynamic addresses to
one. After the MAC address of the first device is learned, no other devices will
be allowed to forward frames into the network.
When link goes down on a port, all of the dynamically locked addresses are
cleared from the source MAC address table the feature maintains. When the
link is restored, that port can once again learn addresses up to the specified
The port can learn MAC addresses dynamically, and you can manually specify
a list of static MAC addresses for a port.
Configuring 802.1X and Port-Based Security