Mac address port security guidelines – Allied Telesis AT-S63 User Manual

Chapter 30: MAC Address-based Port Security

712

Section VII: Port Security

Intrusion action defines what a port does when it receives an invalid frame.
For a port operating under either the Secured or Locked security mode,
the intrusion action is always the same. The port discards the frame.

But with the Limited security mode you can specify an intrusion action.
Here are the options:

ˆ

Discard the invalid frame.

ˆ

Discard the invalid frame and send an SNMP trap. (SNMP must be
enabled on the switch for the trap to be sent.)

ˆ

Discard the invalid frame, send an SNMP trap, and disable the port.

MAC Address

Port Security

Guidelines

Following are several general guidelines to keep in mind when using this
type of port security:

ˆ

The filtering of a packet occurs on the ingress port, not on the egress
port.

ˆ

You can configure MAC address port security from a local, Telnet, or
SSH management session, but not from a web browser management
session.

ˆ

You cannot use MAC address port security and 802.1x port-based
access control on the same port. To configure a port as an
Authenticator or Supplicant in 802.1x port-based access control, you
must set its MAC address security level to Automatic, which is the
default setting.

ˆ

This type of port security is not supported on optional GBIC or SFP
modules.