MES1000, MES2000 Ethernet Switches 171
5.27 Security functions
5.27.1 Port security functions
To increase security, the switch allows specific ports to be configured so that only certain devices can access the switch through them. The port security function is based on identification of permitted MAC addresses. MAC addresses can be configured manually or learned by the switch. After the required addresses have been learnt, block the port to protect it from packets with unknown MAC addresses. When the blocked port then receives a packet whose source MAC address is not associated with this port, the protection mechanism is activated and takes one of the following measures: unauthorized packets arriving at the blocked port are forwarded, dropped, or the port goes down. The Locked Port security function allows the list of learnt MAC addresses to be saved into the configuration file, so that the list can be restored after the device is restarted.
There is a limit on the number of MAC addresses that can be learnt on a port protected with the security function. For MES1024/MES1124/MES2124 switches, this limit is 128 addresses per port.
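One way to check a saved configuration for ports whose protection is weaker than intended, as an added example rather than code from this manual: it flags interfaces with no port security action, with the forward action (unknown-source packets still pass), or with no trap frequency set. The `interface ethernet eN` / `exit` stanza framing, the trap value 60 and the names `audit` and `judge` are assumptions; the `port security ...` commands are the ones listed in this section's command table.

```python
import re

# Constructed sample. The "interface ethernet eN" / "exit" framing and the
# trap value 60 are assumptions; the "port security ..." commands are from
# this section's command table.
SAMPLE_CONFIG = """\
interface ethernet e1
 port security mode lock
 port security discard-shutdown trap 60
exit
interface ethernet e2
 port security forward
exit
interface ethernet e3
 port security discard
exit
interface ethernet e4
exit
"""

ACTION_RE = re.compile(r"^port security (forward|discard-shutdown|discard)(?: trap (\d+))?$")

def judge(action, has_trap):
    """Turn one interface's port security settings into findings."""
    if action is None:
        return ["no port security action configured"]
    notes = []
    if action == "forward":
        notes.append("packets with unknown source MAC are still forwarded")
    if not has_trap:
        notes.append("no trap frequency configured")
    return notes

def audit(config):
    """Return {interface: [findings]}; an empty list means nothing to flag."""
    report, name, action, has_trap = {}, None, None, False
    for raw in config.splitlines():
        line = raw.strip()
        if line.startswith("interface "):
            name, action, has_trap = line.split(None, 1)[1], None, False
        elif line == "exit" and name is not None:
            report[name] = judge(action, has_trap)
            name = None
        elif name is not None:
            m = ACTION_RE.match(line)
            if m:
                action, has_trap = m.group(1), m.group(2) is not None
    return report
```

Calling `audit(SAMPLE_CONFIG)` returns a dictionary keyed by interface name, so the result can be compared against the intended policy for each port.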
Ethernet interface configuration mode commands (interface range), port group interface
The command line prompt in the Ethernet interface or port group interface configuration mode appears as follows:
console(config-if)#
Table 5.197 — Ethernet interface configuration mode commands, interface group

Define the maximum address quantity that could be learnt by the port.

Restore the default value.

port security routed secure-address mac_address
MAC address format: H.H.H, H:H:H:H:H:H, H-H-H-H-H-H
Define the secured MAC address.

no port security routed secure-address [mac_address]
Remove the secured MAC address.

Enable security function for the interface. Block new address learning function for the interface. Packets with unknown source MAC addresses will be dropped. This command is identical to the port security discard command.

port security forward [trap trap]
Enable security function for the interface. Block new address learning function for the interface. Packets with unknown source MAC addresses will be forwarded.

port security discard [trap trap]
Enable security function for the interface. Block new address learning function for the interface. Packets with unknown source MAC addresses will be dropped.

port security discard-shutdown [trap trap]
Enable security function for the interface. Disable the port, when packets with unknown MAC addresses arrive. Packets with unknown source MAC addresses will be dropped.

Define the SNMP trap message generation frequency, when unauthorized packets arrive.

Disable security function for the interface.

port security mode {max-addresses | lock}
Enable the MAC address learning restriction mode for the configured interface.
- max-addresses—remove the current dynamically learnt