Port Security (Port-Mac Locking) - Dell Networking N4000 Series Configuration Manual

Port Security (Port-MAC Locking)

The Port Security feature allows you to limit the number of source MAC
addresses that can be learned on a port. If a port reaches the configured limit,
any other addresses beyond that limit are not learned and the frames are
discarded. Frames with a source MAC address that has already been learned
will be forwarded.
The purpose of this feature, which is also known as port-MAC locking, is to
help secure the network by preventing unknown devices from forwarding
packets into the network. For example, to ensure that only a single device can
be active on a port, you can set the number of allowable dynamic addresses to
one. After the MAC address of the first device is learned, no other devices will
be allowed to forward frames into the network.
When link goes down on a port, all of the dynamically locked addresses are
cleared from the source MAC address table the feature maintains. When the
link is restored, that port can once again learn addresses up to the specified
limit.
The port can learn MAC addresses dynamically, and you can manually specify
a list of static MAC addresses for a port.
Default 802.1X Values
Table 19-2 lists the default values for the Port Security feature.
Table 19-3. Default Port Security Values
Feature
Port security
Port security traps
Maximum learned MAC addresses
Monitor mode
Configuring Port Security Configuration (Web)
This section provides information about the OpenManage Switch
Administrator pages for configuring and monitoring the IEEE 802.1X
features and Port Security on a Dell Networking N2000, N3000, and N4000
series switches. For details about the fields on a page, click
the page.
Description
Unlocked
Disabled
100 (when locked)
Disabled
Configuring Port and System Security
at the top of
539