172
Port security features
NTK
The need to know (NTK) feature checks the destination MAC addresses in outbound frames and allows
frames to be sent to only devices and hosts that have passed authentication or are using MAC addresses
on the MAC address list. This prevents illegal devices from intercepting network traffic.
Intrusion protection
The intrusion protection feature checks the source MAC address in inbound frames for illegal frames and
takes a pre-defined action on each detected illegal frame. The action can be disabling the port
temporarily, disabling the port permanently, or blocking frames from the illegal MAC address for three
minutes (not user configurable).
Port security traps
You can configure the port security module to send traps for port security events such as login, logoff, and
MAC authentication. These traps help you monitor user behaviors.
Port security modes
Port security supports the following categories of security modes:
• MAC learning control—Includes two modes, autoLearn and secure. MAC address learning is
permitted on a port in autoLearn mode and disabled in secure mode.
• Authentication—Security modes of this category use MAC authentication, 802.1X authentication or
their combinations to implement authentication.
Upon receiving a frame, the port in a security mode searches the MAC address table for the source MAC
address. If a match is found, the port forwards the frame. If no match is found, the port learns the MAC
address or performs authentication, depending on the security mode. If an illegal frame or event is
detected, the port takes the pre-defined NTK, intrusion protection, or trapping action.
Table 12 d
escribes the port security modes and the security features.
Table 12 Port security modes
On the port, if you want to… Use the security mode…
Features that can be
tri
ered
Turn off the port security feature
noRestrictions (the default mode)
In this mode, port security is disabled on the port
and access to the port is not restricted.
—
Control MAC address learning
autoLearn
NTK/intrusion
protection
secure
Perform 802.1X authentication
userLogin —
userLoginSecure
NTK/intrusion
protection
userLoginSecureExt
userLoginWithOUI
Perform MAC authentication macAddressWithRadius
NTK/intrusion
protection
Perform a combination of MAC
Or macAddressOrUserLoginSecure
NTK/intrusion
To Next Page
Loading...
