Port Security; Overview; Operation - D-Link DWS-3000 Series Configuration Manual

Port Security

This section describes the Port Security feature.

Overview

Port Security:
•
Allows for limiting the number of MAC addresses on a given port.
•
Packets that have a matching MAC address (secure packets) are forwarded; all other pack-
ets (unsecure packets) are restricted.
•
Enabled on a per port basis.
•
When locked, only packets with allowable MAC address will be forwarded.
•
Supports both dynamic and static.
•
Implement two traffic filtering methods. These methods can be used concurrently.
-
-

Operation

Port Security:
•
Helps secure network by preventing unknown devices from forwarding packets.
•
When link goes down, all dynamically locked addresses are 'freed.'
•
If a specific MAC address is to be set for a port, set the dynamic entries to 0, then only
allow packets with a MAC address matching the MAC address in the static list.
•
Dynamically locked MAC addresses are aged out if another packet with that address is not
seen within the age-out time. The user can set the time-out value.
•
Dynamically locked MAC addresses are eligible to be learned by another port.
•
Static MAC addresses are not eligible for aging.
• Dynamically locked addresses can be converted to statically locked addresses.
Dynamic Locking - User specifies the maximum number of MAC addresses that can
be learned on a port. After the limit is reached, additional MAC addresses are not
learned. Only frames with an allowable source MAC address are forwarded.
Static Locking - User manually specifies a list of static MAC addresses for a port.
Dynamically locked addresses can be converted to statically locked addresses.
18
Overview 119