Mac address security overview, Automatic, Limited – Allied Telesis AT-S63 User Manual

Chapter 23: Port Security

518

Section IV: Security

MAC Address Security Overview

This feature can enhance the security of your network. You can use it to
control which end nodes can forward frames through the switch, and so
prevent unauthorized individuals from accessing your network or
particular parts of the network.

This type of network security uses a frame’s source MAC address to
determine whether the switch should forward a frame or discard it. The
source address is the MAC address of the end node that sent the frame.

There are four levels of port security:

❑ Automatic

❑ Limited

❑ Secured

❑ Locked

You set port security on a per port basis. Only one security level can be
active on a port at a time.

Automatic

The Automatic security mode disables port security on a port. This is the
default security level for a port.

A dynamic MAC address learned by a port operating with this security
level is deleted from the MAC address table after the end node is inactive
for a specified period of time. This prevents the table from becoming full
of MAC addresses of inactive nodes. The length of time an inactive
dynamic MAC address remains in the table is determined by the MAC
aging time.

Limited

The Limited security level allows you to specify the maximum number of
dynamic MAC addresses a port can learn. After a port has learned its
maximum number of addresses, it discards all ingress frames with source
MAC addresses not already learned.

When the Limited security mode is initially activated on a port, all
dynamic MAC addresses learned by the port are deleted from the MAC
address table. The port then begins to learn new addresses, up to the
maximum allowed. After the port has learned its maximum number of
addresses, it does not learn any new addresses, even when end nodes
are inactive.