91 PORT SECURITY CONFIGURATION
When configuring port security, go to these sections for information you are interested in:
■ “Introduction to Port Security”
■ “Port Security Configuration Task List”
■ “Displaying and Maintaining Port Security”
■ “Port Security Configuration Examples”
■ “Troubleshooting Port Security”
Introduction to Port Security
Port Security Overview
Port security is a MAC address-based security mechanism for network access 
control. It is an extension to the existing 802.1x authentication and MAC 
authentication. It prevents unauthorized devices from accessing the network by 
checking the source MAC address of each inbound frame, and prevents access to 
unauthorized devices by checking the destination MAC address of each outbound 
frame.
With port security, you can define various port security modes to make a device 
learn only legal source MAC addresses, so that you can implement different 
network security management as needed. When a port security-enabled device 
detects an illegal frame, it triggers the corresponding port security feature and 
takes a pre-defined action automatically. This reduces your maintenance workload 
and greatly enhances system security.
The following types of frames are classified as illegal:
■ Received frames with unknown source MAC addresses when MAC address 
learning is disabled.
■ Received frames with unknown source MAC addresses when the number of 
MAC addresses learned by the port has already reached the upper limit.
■ Frames from unauthenticated users.
Port Security Features
NTK
The need to know (NTK) feature checks the destination MAC addresses in 
outbound frames and allows frames to be sent to only devices passing 
authentication, thus preventing illegal devices from intercepting network traffic.
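The illegal-frame rules and the NTK check described above can be sketched as a small Python model. This is an added illustration, not code or configuration from the device or its vendor; the class, field and method names and the sample MAC addresses are constructed for the example, and the need for authentication is modelled as a simple flag.

```python
from dataclasses import dataclass, field


@dataclass
class SecurePort:
    """Simplified, hypothetical model of one port-security-enabled port."""
    learning_enabled: bool = True      # is MAC address learning on?
    max_macs: int = 2                  # upper limit of learned MAC addresses
    auth_required: bool = False        # assumption: port needs 802.1x/MAC auth
    learned: set = field(default_factory=set)
    authenticated: set = field(default_factory=set)

    def check_inbound(self, src_mac: str) -> str:
        """Classify an inbound frame by its source MAC address."""
        src = src_mac.lower()
        if self.auth_required and src not in self.authenticated:
            return "illegal: unauthenticated user"
        if src in self.learned or src in self.authenticated:
            return "legal"             # known source, nothing to learn
        if not self.learning_enabled:
            return "illegal: unknown source, learning disabled"
        if len(self.learned) >= self.max_macs:
            return "illegal: unknown source, MAC limit reached"
        self.learned.add(src)          # room left: learn the new source
        return "legal"

    def ntk_permits(self, dst_mac: str) -> bool:
        """NTK: forward an outbound frame only to an authenticated device."""
        return dst_mac.lower() in self.authenticated


def classify_sample():
    """Run constructed sample frames through a port limited to two MACs."""
    port = SecurePort(max_macs=2)
    frames = [                         # constructed source MAC addresses
        "00:11:22:33:44:01",
        "00:11:22:33:44:02",
        "00:11:22:33:44:03",           # third unknown source: over the limit
        "00:11:22:33:44:01",           # already learned: still legal
    ]
    return [port.check_inbound(mac) for mac in frames]


if __name__ == "__main__":
    for verdict in classify_sample():
        print(verdict)
```

A source that was learned before the limit was reached stays legal afterwards; only new, unknown sources are rejected.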