Allied Telesis AT-S63 User Manual
AT-S63 Management Software Features Guide
Section VIII: Port Security
351
Overview
You can use this feature to enhance the security of your network by
controlling which end nodes can forward frames through the switch, and
so prevent unauthorized individuals from accessing your network. It uses a
frame’s source MAC address to determine whether the switch should
forward a frame or discard it. The source address is the MAC address of
the end node that sent the frame.
controlling which end nodes can forward frames through the switch, and
so prevent unauthorized individuals from accessing your network. It uses a
frame’s source MAC address to determine whether the switch should
forward a frame or discard it. The source address is the MAC address of
the end node that sent the frame.
There are four levels of port security:
Automatic
Limited
Secured
Locked
You set port security on a per port basis. Only one security level can be
active on a port at a time.
active on a port at a time.
Automatic
The Automatic security mode disables port security on a port. This is the
default security level for a port.
default security level for a port.
Limited
The Limited security level allows you to specify the maximum number of
dynamic MAC addresses a port can learn. The port forwards only packets
of learned source MAC addresses and discards ingress frames with
unknown source MAC addresses.
dynamic MAC addresses a port can learn. The port forwards only packets
of learned source MAC addresses and discards ingress frames with
unknown source MAC addresses.
When the Limited security mode is initially activated on a port, all dynamic
MAC addresses learned by the port are deleted from the MAC address
table. The port then begins to learn new addresses, up to the maximum
allowed. After the port has learned its maximum number of addresses, it
does not learn any new addresses, even when end nodes are inactive.
MAC addresses learned by the port are deleted from the MAC address
table. The port then begins to learn new addresses, up to the maximum
allowed. After the port has learned its maximum number of addresses, it
does not learn any new addresses, even when end nodes are inactive.
A dynamic MAC address learned on a port operating in the Limited
security mode never times out from the MAC address table, even when
the corresponding end node is inactive.
security mode never times out from the MAC address table, even when
the corresponding end node is inactive.
Static MAC addresses are retained by the port and are not included in the
count of maximum dynamic addresses. You can continue to add static
MAC addresses to a port operating with this security level, even after the
port has already learned its maximum number of dynamic MAC
addresses. A switch port can have up to 255 dynamic and static MAC
addresses.
count of maximum dynamic addresses. You can continue to add static
MAC addresses to a port operating with this security level, even after the
port has already learned its maximum number of dynamic MAC
addresses. A switch port can have up to 255 dynamic and static MAC
addresses.