3Com 5500-SI Configuration Manual page 63
5500 series
Hide thumbs
Also See for 5500-SI:
- Datasheet (9 pages) ,
- Getting started manual (148 pages) ,
- Quick reference manual (59 pages)
Table of Contents
Advertisement
authenticated devices can obtain data frames from the port so as to prevent illegal
devices from filching network data.
2 Intrusion Protection: By way of checking the source MAC addresses of the data
frames received on a port, this feature discovers illegal packets and takes appropriate
action (temporarily/permanently disabling the port, or filtering out the packets with
these MAC addresses) to guarantee the security on the port.
3 Device Tracking: This feature enables the switch to send trap messages in case special
data packets (generated by special actions such as illegal intrusion, and abnormal user
logon/logoff) pass through a port, thus helping the network administrator monitor
these special actions.
4 Binding of MAC and IP addresses to ports: This feature enables you to bind the MAC
and IP addresses of legal users to specific ports on the switch so that only legal user's
packets can pass through the corresponding ports, thus improving the security of the
system)
Configuring Port Security
Table 47 Configure port security
Operation
Enter system view
Enable port security
Set an OUI value for user
authentication
Enable the sending of
specified type(s) of trap
messages
Enter Ethernet port view
Set the security mode of the
port
Set the maximum number of
MAC addresses allowed to
access the port
Set the packet transmission
mode of the NTK feature on
the port
Ethernet Port Configuration Introduction
Command
Description
system-view
-
port-security enable
Required
port-security OUI
Optional
OUI-value index
index-value
port-security trap {
Optional
addresslearned |
By default, the system disables the
intrusion | dot1xlogon |
sending of any types of trap messages.
dot1xlogoff |
dot1xlogfailure |
ralmlogon | ralmlogoff |
ralmlogfailure }*
interface interface-type
-
interface-number
port-security port-mode
Required
mode
You can set different security mode
accordingly.
port-security
Optional
max-mac-count
By default, there is no limit on the
count-value
number of MAC addresses.
port-security ntk-mode
Required
{ ntkonly |
By default, no packet transmission mode
ntk-withbroadcasts |
of the NTK feature is set on the port.
ntk-withmulticasts }
63
Hide quick links:
Advertisement
Table of Contents
Troubleshooting
