Port Security Overview; Port Security Features; Chapter 1 Port Security Configuration - H3C S5600 Series Operation Manual

Operation Manual – Port Security-Port Binding
H3C S5600 Series Ethernet Switches

Chapter 1 Port Security Configuration

When configuring port security, go to these sections for information you are interested
in:

Port Security Overview

Port Security Configuration Task List
Displaying and Maintaining Port Security Configuration
Port Security Configuration Example
Note:
Two port security modes were added: macAddressAndUserLoginSecure and
macAddressAndUserLoginSecureExt. For details, refer to
1.1 Port Security Overview
1.1.1 Introduction
Port security is a security mechanism for network access control. It is an expansion to
the current 802.1x and MAC address authentication.
Port security allows you to define various security modes that enable devices to learn
legal source MAC addresses, so that you can implement different network security
management as needed.
With port security enabled, packets whose source MAC addresses cannot be learned
by your switch in a security mode are considered illegal packets, The events that
cannot pass 802.1x authentication or MAC authentication are considered illegal.
With port security enabled, upon detecting an illegal packet or illegal event, the system
triggers the corresponding port security features and takes pre-defined actions
automatically. This reduces your maintenance workload and greatly enhances system
security and manageability.

1.1.2 Port Security Features

The following port security features are provided:
NTK (need to know) feature: By checking the destination MAC addresses in
outbound data frames on the port, NTK ensures that the switch sends data frames
through the port only to successfully authenticated devices, thus preventing illegal
devices from intercepting network data.
Chapter 1 Port Security Configuration
1-1
Port Security Modes.