Operation Manual – Port Security-Port Binding
H3C S3100 Series Ethernet Switches Chapter 1 Port Security Configuration
1-1
Chapter 1 Port Security Configuration
When configuring port security, go to these sections for information you are interested
in:
z Port Security Overview
z Port Security Configuration Task List
z Displaying and Maintaining Port Security Configuration
z Port Security Configuration Example
1.1 Port Security Overview
1.1.1 Introduction
Port security is a security mechanism for network access control. It is an expansion to
the current 802.1x and MAC address authentication.
Port security allows you to define various security modes that enable devices to learn
legal source MAC addresses, so that you can implement different network security
management as needed.
With port security enabled, packets whose source MAC addresses cannot be learned
by your switch in a security mode are considered illegal packets, The events that
cannot pass 802.1x authentication or MAC authentication are considered illegal.
With port security enabled, upon detecting an illegal packet or illegal event, the system
triggers the corresponding port security features and takes pre-defined actions
automatically. This reduces your maintenance workload and greatly enhances system
security and manageability.
1.1.2 Port Security Features
The following port security features are provided:
z NTK (need to know) feature: By checking the destination MAC addresses in
outbound data frames on the port, NTK ensures that the switch sends data frames
through the port only to successfully authenticated devices, thus preventing illegal
devices from intercepting network data.
z Intrusion protection feature: By checking the source MAC addresses in inbound
data frames or the username and password in 802.1x authentication requests on
the port, intrusion protection detects illegal packets or events and takes a pre-set
action accordingly. The actions you can set include: disconnecting the port
temporarily/permanently, and blocking packets with the MAC address specified as
illegal.
To Next Page
Loading...
Need help?
General