Installation manual

ManualsBrandsSignaMax ManualsComputer equipmentF0-065-1200 Series

141

142

143

144

145

146

147

148

149

150

3-98

SIGNAMAX LLC • www.signamax.eu

• DHCP Snooping – Filters IP traffic on unsecure ports for which the source address

cannot be identified via DHCP snooping nor static source bindings. (See “DHCP

Snooping” on page 3-116.)

• IP Source Guard – Filters untrusted DHCP messages on unsecure ports by building and

maintaining a DHCP snooping binding table. (See “IP Source Guard” on page 3-123.)

Note:

The priority of execution for the filtering commands is Port Security, Port Authentication,

Network Access, Web Authentication, Access Control Lists, IP Source Guard, and then

DHCP Snooping.

Configuring Port Security

Port security is a feature that allows you to configure a switch port with one or more

device MAC addresses that are authorized to access the network through that port.

When port security is enabled on a port, the switch stops learning new MAC addresses

on the specified port when it has reached a configured maximum number. Only incoming

traffic with source addresses already stored in the dynamic or static address table will be

authorized to access the network through that port. If a device with an unauthorized MAC

address attempts to use the switch port, the intrusion will be detected and the switch can

automatically take action by disabling the port and sending a trap message.

To use port security, specify a maximum number of addresses to allow on the port and

then let the switch dynamically learn the <source MAC address, VLAN> pair for frames

received on the port. Note that you can also manually add secure addresses to the port

using the Static Address Table (page 3-153). When the port has reached the maximum

number of MAC addresses the selected port will stop learning. The MAC addresses

already in the address table will be retained and will not age out. Any other device that

attempts to use the port will be prevented from accessing the switch.

Command Usage

• A secure port has the following restrictions:

- It cannot be used as a member of a static or dynamic trunk.

- It should not be connected to a network interconnection device.

• The default maximum number of MAC addresses allowed on a secure port is zero. You

must configure a maximum address count from 1 - 1024 for the port to allow access.

• If a port is disabled (shut down) due to a security violation, it must be manually

re-enabled from the Port/Port Configuration page (page 3-130).

Command Attributes

• Port – Port number.

• Name – Descriptive text (page 4-187).

• Action – Indicates the action to be taken when a port security violation is detected:

- None: No action should be taken. (This is the default.)

- Trap: Send an SNMP trap message.

- Shutdown: Disable the port.

- Trap and Shutdown: Send an SNMP trap message and disable the port.