DELL N3000 User Manual
Configuring Port and System Security
539
Port Security (Port-MAC Locking)
The Port Security feature allows you to limit the number of source MAC
addresses that can be learned on a port. If a port reaches the configured limit,
any other addresses beyond that limit are not learned and the frames are
discarded. Frames with a source MAC address that has already been learned
will be forwarded.
The purpose of this feature, which is also known as port-MAC locking, is to
The purpose of this feature, which is also known as port-MAC locking, is to
help secure the network by preventing unknown devices from forwarding
packets into the network. For example, to ensure that only a single device can
be active on a port, you can set the number of allowable dynamic addresses to
one. After the MAC address of the first device is learned, no other devices will
be allowed to forward frames into the network.
When link goes down on a port, all of the dynamically locked addresses are
When link goes down on a port, all of the dynamically locked addresses are
cleared from the source MAC address table the feature maintains. When the
link is restored, that port can once again learn addresses up to the specified
limit.
The port can learn MAC addresses dynamically, and you can manually specify
The port can learn MAC addresses dynamically, and you can manually specify
a list of static MAC addresses for a port.
Default 802.1X Values
Table 19-2 lists the default values for the Port Security feature.
Configuring Port Security Configuration (Web)
This section provides information about the OpenManage Switch
Administrator pages for configuring and monitoring the IEEE 802.1X
features and Port Security on a Dell Networking N2000, N3000, and N4000
series switches. For details about the fields on a page, click
at the top of
the page.
Table 19-3. Default Port Security Values
Feature
Description
Port security
Unlocked
Port security traps
Disabled
Maximum learned MAC addresses
100 (when locked)
Monitor mode
Disabled