Microsoft ES4625 Benutzerhandbuch
User Authentication
3-65
3
Configuring Port Security
Port security is a feature that allows you to configure a switch port with one or more
device MAC addresses that are authorized to access the network through that port.
device MAC addresses that are authorized to access the network through that port.
When port security is enabled on a port, the switch stops learning new MAC
addresses on the specified port when it has reached a configured maximum
number. Only incoming traffic with source addresses already stored in the dynamic
or static address table will be accepted as authorized to access the network through
that port. If a device with an unauthorized MAC address attempts to use the switch
port, the intrusion will be detected and the switch can automatically take action by
disabling the port and sending a trap message.
addresses on the specified port when it has reached a configured maximum
number. Only incoming traffic with source addresses already stored in the dynamic
or static address table will be accepted as authorized to access the network through
that port. If a device with an unauthorized MAC address attempts to use the switch
port, the intrusion will be detected and the switch can automatically take action by
disabling the port and sending a trap message.
To use port security, specify a maximum number of addresses to allow on the port
and then let the switch dynamically learn the <source MAC address, VLAN> pair for
frames received on the port. Note that you can also manually add secure addresses
to the port using the Static Address Table (page 3-112). When the port has reached
the maximum number of MAC addresses the selected port will stop learning. The
MAC addresses already in the address table will be retained and will not age out.
Any other device that attempts to use the port will be prevented from accessing the
switch.
and then let the switch dynamically learn the <source MAC address, VLAN> pair for
frames received on the port. Note that you can also manually add secure addresses
to the port using the Static Address Table (page 3-112). When the port has reached
the maximum number of MAC addresses the selected port will stop learning. The
MAC addresses already in the address table will be retained and will not age out.
Any other device that attempts to use the port will be prevented from accessing the
switch.
Command Usage
• A secure port has the following restrictions:
• A secure port has the following restrictions:
- It cannot use port monitoring.
- It cannot be a multi-VLAN port.
- It cannot be used as a member of a static or dynamic trunk.
- It should not be connected to a network interconnection device.
- It cannot be a multi-VLAN port.
- It cannot be used as a member of a static or dynamic trunk.
- It should not be connected to a network interconnection device.
• The default maximum number of MAC addresses allowed on a secure port is zero.
You must configure a maximum address count from 1 - 1024 for the port to allow
access.
access.
• If a port is disabled (shut down) due to a security violation, it must be manually
re-enabled from the Port/Port Configuration page (page 3-91).
Command Attributes
• Port – Port number.
• Name – Descriptive text (page 4-144).
• Action – Indicates the action to be taken when a port security violation is detected:
• Port – Port number.
• Name – Descriptive text (page 4-144).
• Action – Indicates the action to be taken when a port security violation is detected:
- None: No action should be taken. (This is the default.)
- Trap: Send an SNMP trap message.
- Shutdown: Disable the port.
- Trap and Shutdown: Send an SNMP trap message and disable the port.
- Trap: Send an SNMP trap message.
- Shutdown: Disable the port.
- Trap and Shutdown: Send an SNMP trap message and disable the port.
• Security Status – Enables or disables port security on the port. (Default: Disabled)
• Max MAC Count – The maximum number of MAC addresses that can be learned
• Max MAC Count – The maximum number of MAC addresses that can be learned
on a port. (Range: 0 - 1024, where 0 means disabled)