18
Port Security
This section describes the Port Security feature.
Overview
Port Security:
• Allows for limiting the number of MAC addresses on a given port.
• Packets that have a matching MAC address (secure packets) are forwarded; all other packets (unsecure packets) are restricted.
• Enabled on a per-port basis.
• When locked, only packets with an allowable MAC address will be forwarded.
• Supports both dynamic and static locking.
• Implements two traffic filtering methods. These methods can be used concurrently.
- Dynamic Locking - User specifies the maximum number of MAC addresses that can
be learned on a port. After the limit is reached, additional MAC addresses are not
learned. Only frames with an allowable source MAC address are forwarded.
- Static Locking - User manually specifies a list of static MAC addresses for a port.
Dynamically locked addresses can be converted to statically locked addresses.
Operation
Port Security:
• Helps secure the network by preventing unknown devices from forwarding packets.
• When the link goes down, all dynamically locked addresses are ‘freed.’
• If a specific MAC address is to be set for a port, set the dynamic entries to 0; then only
packets with a MAC address matching a MAC address in the static list are allowed.
• Dynamically locked MAC addresses are aged out if another packet with that address is not
seen within the age-out time. The user can set the time-out value.
• Dynamically locked MAC addresses are eligible to be learned by another port.
• Static MAC addresses are not eligible for aging.
• Dynamically locked addresses can be converted to statically locked addresses.
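
The locking rules above, modelled per port as an added example (not code from the switch or its documentation). The class and method names, the 300-second default age-out, and the choice to expire an entry exactly at the age-out time are assumptions made for illustration; the MAC addresses are constructed samples.

```python
"""Model of the port-locking rules above; frames are reduced to their source MAC."""

class LockedPort:
    def __init__(self, dynamic_limit, static_macs=(), age_out=300):
        self.dynamic_limit = dynamic_limit   # max dynamically learned MACs
        self.static = set(static_macs)       # static list, never aged
        self.age_out = age_out               # seconds (user-settable time-out)
        self.dynamic = {}                    # MAC -> time last seen

    def _age(self, now):
        # Drop dynamic entries not seen again within the age-out time.
        self.dynamic = {m: t for m, t in self.dynamic.items()
                        if now - t < self.age_out}

    def receive(self, src_mac, now):
        """Return True if the frame is forwarded, False if it is restricted."""
        self._age(now)
        if src_mac in self.static:
            return True
        if src_mac in self.dynamic:
            self.dynamic[src_mac] = now      # refresh the age timer
            return True
        if len(self.dynamic) < self.dynamic_limit:
            self.dynamic[src_mac] = now      # learn while below the limit
            return True
        return False                         # limit reached: not learned

    def link_down(self):
        self.dynamic.clear()                 # dynamic entries are freed

    def convert_dynamic_to_static(self):
        self.static |= set(self.dynamic)     # learned entries become static
        self.dynamic.clear()

# Constructed sample addresses (RFC 7042 documentation range).
A, B, C = "00:00:5e:00:53:01", "00:00:5e:00:53:02", "00:00:5e:00:53:03"

if __name__ == "__main__":
    port = LockedPort(dynamic_limit=2, age_out=60)
    for t, mac in [(0, A), (1, B), (2, C), (30, A), (70, C)]:
        print(t, mac, "forwarded" if port.receive(mac, t) else "restricted")
```

With a limit of 2, the third address is restricted at t=2 and is only learned at t=70, after the second address has aged out and freed a slot.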