Allied Telesis AT-8000S 사용자 설명서
Page 46
Allied Telesis AT-8000S Switch
Web Browser Interface User’s Guide
Network Security Overview
Port-based authentication provides traditional 802.1x support, as well as, Guest VLANs. Guest VLANs limited
network access to authorized ports. If a port is denied network access via port-based authorization, but the Guest
VLAN is enabled, the port receives limited network access. For example, a network administrator can use Guest
VLANs to deny network access via port-based authentication, but grant Internet access to unauthorized users.
network access to authorized ports. If a port is denied network access via port-based authorization, but the Guest
VLAN is enabled, the port receives limited network access. For example, a network administrator can use Guest
VLANs to deny network access via port-based authentication, but grant Internet access to unauthorized users.
Managing Port Security
Network security can be increased by limiting access on a specific port only to users with specific MAC addresses.
The MAC addresses can be dynamically learned or statically configured. Locked port security monitors both
received and learned packets that are received on specific ports. Access to the locked port is limited to users with
specific MAC addresses. These addresses are either manually defined on the port, or learned on that port up to
the point when it is locked. When a packet is received on a locked port, and the packet D-Link source MAC
address is not tied to that port (either it was learned on a different port, or it is unknown to the system), the
protection mechanism is invoked, and can provide various options. Unauthorized packets arriving at a locked port
are either:
The MAC addresses can be dynamically learned or statically configured. Locked port security monitors both
received and learned packets that are received on specific ports. Access to the locked port is limited to users with
specific MAC addresses. These addresses are either manually defined on the port, or learned on that port up to
the point when it is locked. When a packet is received on a locked port, and the packet D-Link source MAC
address is not tied to that port (either it was learned on a different port, or it is unknown to the system), the
protection mechanism is invoked, and can provide various options. Unauthorized packets arriving at a locked port
are either:
•
Forwarded
•
Discarded with no trap
•
Discarded with a trap
•
Shuts down the port.
Locked port security also enables storing a list of MAC addresses in the configuration file. The MAC address list
can be restored after the device has been reset. Disabled ports are activated from the Port Security Page. To
define port security
can be restored after the device has been reset. Disabled ports are activated from the Port Security Page. To
define port security
The Port Security Page enhances network security by providing port locking management to network
administrators.
administrators.
To configure secure ports:
1.
Click Network Security > Port Security. The Port Security Page opens: