3Com WX3000 User Manual

 
1 Port Security Configuration
 
 
The term switch used throughout this chapter refers to a switching device in a generic sense or the 
switching engine of a unified switch in the WX3000 series. 
The sample output information in this manual was created on the WX3024. The output information 
on your device may vary. 
 
Port Security Overview 
Introduction 
Port security is a security mechanism for network access control. It extends the existing 
802.1x and MAC address authentication mechanisms.  
Port security allows you to define various security modes that enable devices to learn legal source MAC 
addresses, so that you can implement different network security management as needed.  
With port security enabled, packets whose source MAC addresses cannot be learned by the device in 
the security mode are considered illegal packets. Events that fail 802.1x authentication or 
MAC authentication are considered illegal events. 
With port security enabled, upon detecting an illegal packet or illegal event, the system triggers the 
corresponding port security features and takes pre-defined actions automatically. This reduces your 
maintenance workload and greatly enhances system security and manageability. 
Port Security Features 
The following port security features are provided: 
NTK (need to know) feature: By checking the destination MAC addresses in outbound data frames 
on the port, NTK ensures that the device sends data frames through the port only to successfully 
authenticated devices, thus preventing illegal devices from intercepting network data. 
Intrusion protection feature: By checking the source MAC addresses in inbound data frames or the 
username and password in 802.1x authentication requests on the port, intrusion protection detects 
illegal packets or events and takes a pre-set action accordingly. The actions you can set include: 
disconnecting the port temporarily/permanently, and blocking packets with the MAC address 
specified as illegal. 
Trap feature: When special data packets (generated by illegal intrusion, abnormal login/logout, or 
other special activities) pass through a port on the device, device tracking enables the 
switch to send Trap messages to help the network administrator monitor these activities.
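
The following added example (not taken from this manual or from the device software) is a simplified Python model of how the three features interact on one port: intrusion protection on inbound source MACs, NTK on outbound destination MACs, and a Trap record for each illegal packet. The class name, action labels, MAC addresses and the 20-second hold time are assumptions made for illustration.

```python
# Simplified model of NTK, intrusion protection and Trap on a single port.
# All names and values are hypothetical; this is not the device's code.
import time

class SecurePort:
    ACTIONS = ("block_mac", "disable_permanent", "disable_temporary")

    def __init__(self, allowed, action="block_mac", hold_seconds=20):
        if action not in self.ACTIONS:
            raise ValueError(f"unknown intrusion action: {action}")
        self.allowed = set(allowed)       # MACs learned/authenticated on the port
        self.action = action              # pre-set intrusion protection action
        self.hold_seconds = hold_seconds  # assumed re-enable delay (temporary mode)
        self.blocked = set()              # source MACs blocked as illegal
        self.disabled_until = None        # None = up, inf = permanently down
        self.traps = []                   # Trap messages for the administrator

    def is_up(self, now):
        return self.disabled_until is None or now >= self.disabled_until

    def inbound(self, src_mac, now=None):
        """Intrusion protection: check the source MAC of an inbound frame."""
        now = time.monotonic() if now is None else now
        if not self.is_up(now):
            return "drop: port disabled"
        self.disabled_until = None        # a temporary shutdown has expired
        if src_mac in self.blocked:
            return "drop: blocked MAC"
        if src_mac in self.allowed:
            return "forward"
        # Illegal packet: record a Trap, then apply the pre-set action.
        self.traps.append(f"intrusion src={src_mac} action={self.action}")
        if self.action == "block_mac":
            self.blocked.add(src_mac)
        elif self.action == "disable_permanent":
            self.disabled_until = float("inf")
        else:
            self.disabled_until = now + self.hold_seconds
        return "drop: illegal source MAC"

    def outbound(self, dst_mac, now=None):
        """NTK: send frames only to successfully authenticated devices."""
        now = time.monotonic() if now is None else now
        if not self.is_up(now):
            return "drop: port disabled"
        return "forward" if dst_mac in self.allowed else "drop: NTK"
```

With the block-MAC action only the offending address is dropped, while either disable action also cuts off legitimate devices on the same port until it is re-enabled.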