Chapter 1 Port Security Configuration; Introduction To Port Security; Port Security Overview; Port Security Features - H3C S5500-EI series Operation Manual

Hide thumbs Also See for S5500-EI series:

Table of Contents

Operation Manual – Port Security

H3C S5500-EI Series Ethernet Switches

Chapter 1 Port Security Configuration

When configuring port security, go to these sections for information you are interested

Port Security Configuration Task List

Displaying and Maintaining Port Security

Port Security Configuration Examples

Troubleshooting Port Security

1.1 Introduction to Port Security

Port security is a MAC address-based security mechanism for network access

controlling. It is an extension to the existing 802.1x authentication and MAC

authentication. It controls the access of unauthorized devices to the network by

checking the source MAC address of an inbound frame and the access to unauthorized

devices by checking the destination MAC address of an outbound frame.

With port security, you can define various port security modes to make a device learn

only legal source MAC addresses, so that you can implement different network security

management as needed. When a port security-enabled device detects an illegal frame,

it triggers the corresponding port security feature and takes a pre-defined action

automatically. This reduces your maintenance workload and greatly enhances system

The following types of frames are classified as illegal:

Received frames with unknown source MAC addresses when MAC address

learning is disabled.

Received frames with unknown source MAC addresses when the number of MAC

addresses learned by the port has already reached the upper limit.

Frames from unauthenticated users.

The need to know (NTK) feature checks the destination MAC addresses in outbound

frames and allows frames to be sent to only devices passing authentication, thus

preventing illegal devices from intercepting network traffic.

Chapter 1 Port Security Configuration

Table of Contents