Invalid frames and intrusion actions – Allied Telesis AT-S63 User Manual

Page 359


AT-S63 Management Software Features Guide

Section VIII: Port Security


Invalid Frames and Intrusion Actions

When a port receives an invalid frame, it has to select an intrusion action,
which defines the port’s response to the packet. But before defining the
intrusion actions, it helps to understand what constitutes an invalid frame.
This differs for each security level, as explained here:

• Limited Security Level - An invalid frame for this security level is an
ingress frame with a source MAC address not already learned by a
port after the port has reached its maximum number of dynamic MAC
addresses, or that was not assigned to the port as a static address.

• Secured Security Level - An invalid frame for this security level is an
ingress frame with a source MAC address that was not entered as a
static address on the port.

• Locked - An invalid frame for this security level is an ingress frame with
a source MAC address that the port has not already learned or that
was not assigned as a static address.

The intrusion action defines what a port does when it receives an invalid
frame. For a port operating under either the Secured or Locked security mode,
the intrusion action is always the same: the port discards the frame.

But with the Limited security mode you can specify the intrusion action.
Here are the options:

• Discard the invalid frame.

• Discard the invalid frame and send an SNMP trap. (SNMP must be
enabled on the switch for the trap to be sent.)

• Discard the invalid frame, send an SNMP trap, and disable the port.
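The rules above can be checked against a small model. The following Python sketch is an added example, not code from the AT-S63 software or this manual; the class, field and function names are hypothetical, the MAC addresses are constructed, and it assumes that a disabled port passes no frames and that the limit counts dynamic addresses only.

```python
from dataclasses import dataclass, field

@dataclass
class Port:
    level: str                      # "limited", "secured" or "locked"
    static: set = field(default_factory=set)
    learned: set = field(default_factory=set)
    max_dynamic: int = 0            # dynamic-address limit (Limited only)
    action: str = "discard"         # "discard", "trap" or "disable" (Limited only)
    snmp_enabled: bool = True
    enabled: bool = True
    traps: list = field(default_factory=list)

    def is_valid(self, src):
        if src in self.static:
            return True
        if self.level == "secured":         # only static addresses count
            return False
        if src in self.learned:
            return True
        if self.level == "limited" and len(self.learned) < self.max_dynamic:
            self.learned.add(src)           # Limited learns up to the limit; Locked never learns
            return True
        return False

    def receive(self, src):
        if not self.enabled:
            return "port-disabled"          # assumption: a disabled port passes nothing
        if self.is_valid(src):
            return "accept"
        # Secured and Locked always discard; only Limited honours self.action.
        action = self.action if self.level == "limited" else "discard"
        if action in ("trap", "disable") and self.snmp_enabled:
            self.traps.append(src)
        if action == "disable":
            self.enabled = False
        return "discard"

# Constructed sample addresses (RFC 7042 documentation range).
A, B, C = "00:00:5e:00:53:01", "00:00:5e:00:53:02", "00:00:5e:00:53:03"

def demo():
    ports = {
        "limited": Port("limited", max_dynamic=2, action="disable"),
        "secured": Port("secured", static={A}, learned={B}),
        "locked": Port("locked", static={A}, learned={B}),
    }
    return {name: [p.receive(s) for s in (A, B, C, A)] for name, p in ports.items()}

if __name__ == "__main__": print(demo())
```

The same four frames give three different outcomes: the Limited port learns A and B, then shuts down on C; the Secured port ignores the learned address B; the Locked port accepts both A and B but never learns C.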
