3com S7906E Installation Manual

Port Security Features 
NTK 
The need to know (NTK) feature checks the destination MAC addresses in outbound frames and allows 
frames to be sent only to devices that have passed authentication, thus preventing illegal devices from 
intercepting network traffic.  
Intrusion protection 
The intrusion protection feature checks the source MAC addresses in inbound frames and takes a 
pre-defined action accordingly upon detecting illegal frames. The action may be disabling the port 
temporarily, disabling the port permanently, or blocking frames from the MAC address for three minutes 
(unmodifiable).  
Trap 
The trap feature enables the device to send trap messages upon detecting specified frames that result 
from, for example, intrusion or user login/logout operations, helping you monitor special activities. 
Port Security Modes 
Table 1-1 details the port security modes. 
Table 1-1 Port security modes 

| Security mode | Description | Features |
|---|---|---|
| noRestrictions | Port security is disabled on the port and access to the port is not restricted. | In this mode, neither the NTK nor the intrusion protection feature is triggered. |
| autoLearn | In this mode, a port can learn a specified number of MAC addresses and save those addresses as secure MAC addresses. It permits only frames whose source MAC addresses are secure MAC addresses or static MAC addresses configured by using the mac-address static command. When the number of secure MAC addresses reaches the upper limit, the port changes to work in secure mode and no more secure MAC addresses can be added. | In either mode (autoLearn or secure), the device will trigger NTK and intrusion protection upon detecting an illegal frame. In autoLearn mode, dynamic MAC address learning is disabled. |
| secure | In this mode, MAC address learning is disabled on the port. The port permits only frames whose source MAC addresses are secure MAC addresses or static MAC addresses configured by using the mac-address static command. | In either mode (autoLearn or secure), the device will trigger NTK and intrusion protection upon detecting an illegal frame. |
| userLogin | In this mode, a port performs 802.1X authentication of users in port-based mode. A port in this mode can service multiple 802.1X users, but allows only one at a time. | In this mode, neither NTK nor intrusion protection will be triggered. |
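
The autoLearn-to-secure transition and the three features described above can be traced with a small model. This is an added example, not code from the manual or the switch software. The class, method and variable names are hypothetical, the MAC addresses and timestamps are constructed, and it assumes the block-MAC intrusion action and unicast traffic only.

```python
from dataclasses import dataclass, field

BLOCK_SECONDS = 180  # page: block frames from the MAC "for three minutes"

@dataclass
class Port:
    """Toy model of one port that starts in autoLearn mode (hypothetical names)."""
    max_secure: int                                   # limit of learned secure MACs
    mode: str = "autoLearn"
    static: set = field(default_factory=set)          # stands in for mac-address static entries
    secure: set = field(default_factory=set)
    blocked_until: dict = field(default_factory=dict)
    traps: list = field(default_factory=list)

    def permitted(self, mac):
        return mac in self.secure or mac in self.static

    def inbound(self, src, now):
        """Intrusion protection: judge an inbound frame by its source MAC."""
        if self.blocked_until.get(src, 0) > now:
            return "drop"                             # still inside the block window
        if self.permitted(src):
            return "forward"
        if self.mode == "autoLearn" and len(self.secure) < self.max_secure:
            self.secure.add(src)
            if len(self.secure) == self.max_secure:
                self.mode = "secure"                  # limit reached, learning stops
            return "forward"
        # Illegal frame. This model applies the block-MAC action; the page also
        # lists disabling the port temporarily or permanently.
        self.blocked_until[src] = now + BLOCK_SECONDS
        self.traps.append(("intrusion", src, now))    # trap feature, as a log entry
        return "drop"

    def outbound(self, dst):
        """NTK: forward only to destination MACs permitted on this port."""
        return "forward" if self.permitted(dst) else "drop"

def replay(port, frames):
    """Run constructed (time_s, src_mac) inbound frames; return the verdicts."""
    return [port.inbound(src, t) for t, src in frames]

# Constructed sample traffic: two legitimate hosts, then an unknown MAC.
FRAMES = [(0, "00e0-fc00-0001"), (1, "00e0-fc00-0002"),
          (10, "00e0-fc00-0bad"), (100, "00e0-fc00-0bad"), (120, "00e0-fc00-0001")]

if __name__ == "__main__":
    p = Port(max_secure=2)
    print(replay(p, FRAMES), p.mode, p.traps)
```

With a limit of two, the port learns the first two source MACs, switches to secure mode, and from then on treats the third MAC as illegal. Only the first illegal frame raises a trap in this model, because later frames arriving inside the block window are dropped before the check.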