Operation Manual – Port Security-Port Binding
H3C S3600 Series Ethernet Switches-Release 1510
Chapter 1 Port Security Configuration
1.1 Port Security Overview
1.1.1 Introduction
Port security is a security mechanism for network access control. It extends the
existing 802.1x and MAC address authentication.
Port security defines various security modes that allow devices to learn legal source
MAC addresses, so that you can implement different network security management
as needed. With port security, packets whose source MAC addresses cannot be
learned by your switch in a security mode are considered illegal packets, and 802.1x
authentication failure events are considered illegal events.
Upon detecting an illegal packet or illegal event, the system triggers the corresponding
port security features and takes pre-defined actions automatically. This reduces your
maintenance workload and greatly enhances system security and manageability.
1.1.2 Port Security Features
The following port security features are provided:
1) NTK (need to know): By checking the destination MAC addresses in outbound
data frames on a port, NTK ensures that only successfully authenticated devices
can obtain data frames from the port, thus preventing illegal devices from
intercepting network data.
2) Intrusion protection: By checking the source MAC addresses in inbound data
frames or the username and password in 802.1x authentication requests on a port,
intrusion protection detects illegal packets (packets with illegal MAC addresses) or
illegal events and takes a pre-set action accordingly. The actions you can set include:
disconnecting the port temporarily or permanently, and blocking packets with invalid
MAC addresses.
3) Device tracking: When special data packets (generated from illegal intrusion,
abnormal login/logout or other special activities) are passing through a switch port,
device tracking enables the switch to send Trap messages to help the network
administrator monitor special activities.
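The three features above, modelled in a few lines of Python as an added example (not H3C code and not switch configuration). The class, the action labels, the 20-second timer and the MAC addresses are assumptions made for illustration; 802.1x events and broadcast/multicast handling are not modelled.

```python
from dataclasses import dataclass, field

# Labels for the three intrusion-protection actions listed above (this example's own names).
BLOCK_MAC, DISABLE_TEMP, DISABLE_PERM = "block-mac", "disable-temporarily", "disable-permanently"

@dataclass
class Port:
    allowed: set                      # source MACs learned/authenticated on this port
    action: str = BLOCK_MAC           # pre-set intrusion-protection action
    temp_disable_s: float = 20.0      # assumed length of a temporary disconnect
    blocked: set = field(default_factory=set)
    down_until: float = 0.0           # float("inf") means permanently disconnected
    traps: list = field(default_factory=list)

    def __post_init__(self):
        self.allowed = {m.lower() for m in self.allowed}

    def inbound(self, src_mac, now):
        """Intrusion protection: check the source MAC of an inbound frame."""
        src = src_mac.lower()
        if now < self.down_until or src in self.blocked:
            return "drop"
        if src in self.allowed:
            return "forward"
        # Illegal packet: record a trap (device tracking), then apply the action.
        self.traps.append(("intrusion", src, self.action, now))
        if self.action == BLOCK_MAC:
            self.blocked.add(src)
        elif self.action == DISABLE_TEMP:
            self.down_until = now + self.temp_disable_s
        else:  # DISABLE_PERM
            self.down_until = float("inf")
        return "drop"

    def outbound(self, dst_mac, now):
        """NTK: send a frame out only if its destination MAC is authenticated."""
        if now < self.down_until:
            return "drop"
        return "forward" if dst_mac.lower() in self.allowed else "drop"

def demo():
    """Constructed frames against one port; returns (verdicts, traps)."""
    p = Port(allowed={"0001-0002-0003"}, action=DISABLE_TEMP)
    verdicts = [
        p.inbound("0001-0002-0003", 0),    # known device
        p.outbound("00AA-00BB-00CC", 1),   # NTK: unknown destination
        p.inbound("00AA-00BB-00CC", 2),    # illegal source, port goes down
        p.inbound("0001-0002-0003", 3),    # port still down
        p.inbound("0001-0002-0003", 30),   # timer expired
    ]
    return verdicts, p.traps
```

Calling `demo()` shows that a temporary disconnect also cuts off the legitimate device until the timer expires, which is the operational trade-off between the disconnect actions and blocking only the offending MAC.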
1.1.3 Port Security Modes
Table 1-1 describes the available port security modes: