– 97 –
15 PORT SECURITY
Port security is a feature that allows you to configure a switch port with a
maximum number of device MAC addresses that are authorized to access
the network through that port.
When port security is enabled on a port, the switch stops learning new MAC
addresses on the specified port when it has reached a configured maximum
number. Only incoming traffic with source addresses already stored in the
dynamic or static address table will be accepted as authorized to access
the network through that port. If a device with an unauthorized MAC
address attempts to use the switch port, the intrusion will be detected and
the switch can automatically take a specified action.
To use port security, specify a maximum number of addresses to allow on
the port and then let the switch dynamically learn the <source MAC
address, VLAN> pair for frames received on the port. Note that you can
also manually add secure addresses to the port using the Static Address
Table (see “Static MAC Addresses” on page 106). When the port has
reached the maximum number of MAC addresses, the selected port stops
learning. The MAC addresses already in the address table are retained
and do not age out. Any other device that attempts to use the port is
prevented from accessing the switch.
PARAMETERS
The following parameters are displayed on the Port Security page:
◆ Port — Port number.
◆ Security — Enables or disables port security for the selected ports.
(Default: Disabled)
◆ Maximum L2 Entry — The maximum number of MAC addresses that
can be learned on a port. (Range: 0 - 16447, where 0 means disabled)
◆ Action — Indicates the action to be taken when a port security
violation is detected:
■ Trap to CPU: Send an SNMP trap message. (This is the default.)
■ Drop: Drop other traffic from the port.
■ Forward: No action is taken. Traffic is forwarded as normal.