Chapter 14. Security Management | 226
14
14. Security Management
In this chapter, examples are provided for the following topics:
• Port Security
• Set the Dynamic and Static Limit on Port 1/0/1 on page 227
• Convert the Dynamic Address Learned from 1/0/1 to a Static Address on page 229
• Create a Static Address on page 230
• Protected Ports on page 230
• 802.1x Port Security on page 237
• Create a Guest VLAN on page 243
• Assign VLANs Using RADIUS on page 248
• Dynamic ARP Inspection on page 254
• Static Mapping on page 260
• DHCP Snooping on page 262
• Enter Static Binding into the Binding Database on page 265
• Maximum Rate of DHCP Messages on page 266
• IP Source Guard on page 268
Port Security
Port Security helps secure the network by preventing unknown devices from forwarding
packets. When a link goes down, all dynamically locked addresses are freed. The port
security feature offers the following benefits:
• You can limit the number of MAC addresses on a given port. Packets that have a
matching MAC address (secure packets) are forwarded; all other packets (unsecure
packets) are restricted.
• You can enable port security on a per port basis.
Port security implements two traffic filtering methods, dynamic locking and static locking.
These methods can be used concurrently.
• Dynamic locking. You can specify the maximum number of MAC addresses that can be
learned on a port. The maximum number of MAC addresses is platform dependent and is
To Next Page
Loading...
