User`s guide
AT-S45 User’s Guide
57
Port Security Overview
The port security feature can enhance the security of your network. You
can use the feature to control the number of MAC addresses learned on
the ports, and so control the number of network devices that can
forward frames through the switch.
There are four levels of port security. The security level can be set on a
per port basis.
Normal
This operating mode disables port security. The switch learns and adds
addresses to its dynamic MAC address table as it receives frames on the
ports.
Note
The Normal security mode is the default security level for the switch.
Limited
You can use this security level to specify the maximum number of
dynamic MAC addresses a port on the switch can learn. Once a port has
learned its maximum limit of MAC addresses, it discards ingress frames
with source MAC addresses not already stored in the MAC address table.
The MAC aging time remains active under this security level. Inactive
dynamic MAC addresses learned on a port are aged out of the table.
Note
Static MAC addresses are retained by the switch and are not
included in the count of maximum addresses that can be learned by
a port. You can continue to add static MAC addresses to a port even
if the port has already learned its maximum number of dynamic
MAC addresses.
Secure
The Secure level stops a port from learning any new dynamic MAC
addresses. The port will forward ingress frames based on the dynamic
MAC addresses it has already learned and on any static MAC addresses.
The dynamic MAC addresses learned are not aged out of the table, even
when an end node is inactive.
You can continue to add static MAC addresses to a port operating under
this security level.