Orion A10E - Page 173

Orion Networks
A10E/A28E/A28F Configuration Guide
6 Security
You can enable port security MAC to limit and distinguish which users can access the
network through a secure interface. Only packets from secure MAC addresses can access the
network; packets from non-secure MAC addresses are handled according to the access
violation mode configured on the interface.
Secure MAC address classification
Secure MAC addresses supported by the device are divided into the following three categories:
Static secure MAC address
A static secure MAC address is configured manually by the user on the secure interface. It
takes effect when port security MAC is enabled. A static secure MAC address does not age
and supports configuration loading.
Dynamic secure MAC address
A dynamic secure MAC address is learnt by the device. Learnt MAC addresses can be set as
secure MAC addresses up to the maximum number of learnt MAC addresses. Dynamic secure
MAC addresses age and do not support configuration loading.
A dynamic secure MAC address can be converted to a Sticky secure MAC address if needed, so
that it does not age and supports configuration loading.
Sticky secure MAC address
A Sticky secure MAC address is either configured manually by the user on the secure
interface or converted from a dynamic secure MAC address. Unlike a static secure MAC
address, a Sticky secure MAC address must be used together with Sticky learning:
- When Sticky learning is enabled, the Sticky secure MAC address takes effect; it does
  not age and supports configuration loading.
- When Sticky learning is disabled, the Sticky secure MAC address loses effect and is
  only saved in the system.
- When Sticky learning is enabled, all dynamic secure MAC addresses learnt from an
  interface are converted to Sticky secure MAC addresses.
- When Sticky learning is disabled, all Sticky secure MAC addresses on an interface are
  converted to dynamic secure MAC addresses.
Processing mode for violating secure MAC address
When the number of secure MAC addresses has already reached the maximum, incoming packets
with an unknown source MAC address are regarded as a violation. For such illegal user
access, the switch can be configured with one of the following processing modes, according
to the secure MAC violation policy:
- Protect mode: for illegal access users, the secure interface discards the user's packets
  directly.
- Restrict mode: for illegal access users, the secure interface discards the user's
  packets, the console prints Syslog information, and an alarm is sent to the network
  management system.
- Shutdown mode: for illegal access users, the secure interface discards the user's
  packets, the console prints Syslog information, an alarm is sent to the network
  management system, and the secure interface is then shut down.
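The following Python model is an added example, not code from the Orion guide or the device firmware. It simulates the address classes, the Sticky learning conversion and the three violation modes described above. The class and method names are hypothetical, the MAC addresses are constructed, and it assumes that every secure address counts toward the interface maximum; manually configured Sticky addresses that are held inactive while Sticky learning is disabled are not modelled.

```python
from dataclasses import dataclass, field

@dataclass
class SecurePort:
    """Toy model of one secure interface; all names are hypothetical."""
    max_secure: int                  # assumed: every secure address counts toward this
    mode: str = "protect"            # protect | restrict | shutdown
    sticky_learning: bool = False
    static: set = field(default_factory=set)
    dynamic: set = field(default_factory=set)
    sticky: set = field(default_factory=set)
    up: bool = True
    alarms: list = field(default_factory=list)

    def secure(self):
        return self.static | self.dynamic | self.sticky

    def set_sticky_learning(self, enabled):
        # Enabling converts learnt dynamic entries to sticky; disabling converts back.
        if enabled:
            self.sticky, self.dynamic = self.sticky | self.dynamic, set()
        else:
            self.dynamic, self.sticky = self.dynamic | self.sticky, set()
        self.sticky_learning = enabled

    def age_out(self):
        # Only dynamic entries age; static and sticky entries persist.
        self.dynamic.clear()

    def receive(self, mac):
        if not self.up:
            return "drop"                      # interface already shut down
        if mac in self.secure():
            return "forward"
        if len(self.secure()) < self.max_secure:
            (self.sticky if self.sticky_learning else self.dynamic).add(mac)
            return "forward"
        # Table full and source unknown: violation; the packet is always discarded.
        if self.mode in ("restrict", "shutdown"):
            self.alarms.append(f"violation {mac}")  # stands in for Syslog + NMS alarm
        if self.mode == "shutdown":
            self.up = False
        return "drop"

def demo():
    # Constructed sample traffic using documentation-range MAC addresses.
    port = SecurePort(max_secure=2, mode="shutdown", static={"00:00:5e:00:53:01"})
    frames = ["00:00:5e:00:53:01", "00:00:5e:00:53:02", "00:00:5e:00:53:03", "00:00:5e:00:53:01"]
    return [port.receive(m) for m in frames], port.up, port.alarms
```

In the demo, the third frame triggers the violation in Shutdown mode, so the fourth frame is dropped even though its source is a static secure MAC address.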
Note
