Secured, Locked, Security violations and intrusion actions – Allied Telesis AT-S63 User Manual


AT-S63 Management Software Menus Interface User’s Guide

Section IV: Security

A dynamic MAC address learned on a port operating in the Limited
security mode never times out from the MAC address table, even when
the corresponding end node is inactive.

Static MAC addresses are retained by the port and are not included in
the count of maximum dynamic addresses. You can continue to add
static MAC addresses to a port operating with this security level, even
after the port has already learned its maximum number of dynamic MAC
addresses. A switch port can have up to 255 dynamic and static MAC
addresses.

Secured

The Secured security level instructs a port to forward frames using only
static MAC addresses. The port does not learn any dynamic MAC addresses
and deletes any dynamic addresses that it has already learned. Only
those end nodes whose MAC addresses have been entered as static
addresses are able to forward frames through the port.

After you have activated this security level, you must enter the static
MAC addresses of the end nodes that will be allowed to forward frames
through the port.

Locked

The Locked security level causes a port to immediately stop learning
new dynamic MAC addresses. Frames are forwarded using the dynamic
MAC addresses that the port has already learned and any static MAC
addresses assigned to the port.

Dynamic MAC addresses learned by the port prior to the activation of
this security level never time out from the MAC address table, even
when the corresponding end nodes are inactive. However, the port does
not learn new dynamic addresses.

You can continue to add new static MAC addresses to a port operating
under this security level.

Note

For background information on MAC addresses and aging time,
refer to “MAC Address Overview” on page 130.
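
The Limited, Secured and Locked behaviours described above, as a simplified Python model added here (not Allied Telesis code and not AT-S63 command syntax). The class, method and parameter names and the sample MAC addresses are constructed for illustration, and treating a frame from an unlearned source as not forwarded is an assumption drawn from the descriptions.

```python
LIMITED, SECURED, LOCKED = "limited", "secured", "locked"
PORT_MAX = 255  # combined dynamic + static addresses per port (from the manual)

class Port:
    """Simplified model (an assumption, not switch firmware) of source-MAC checks."""
    def __init__(self, max_dynamic):
        self.level = LIMITED
        self.max_dynamic = max_dynamic      # hypothetical name for the Limited-mode cap
        self.static, self.dynamic = set(), set()   # dynamic entries never age out here

    def full(self):
        return len(self.static) + len(self.dynamic) >= PORT_MAX

    def set_level(self, level):
        self.level = level
        if level == SECURED:
            self.dynamic.clear()            # Secured deletes learned dynamic addresses

    def add_static(self, mac):
        mac = mac.lower()
        self.dynamic.discard(mac)
        if mac not in self.static and self.full():
            raise ValueError("port already holds 255 MAC addresses")
        self.static.add(mac)                # allowed at every level, not counted as dynamic

    def ingress(self, src_mac):             # True = forwarded, False = treated as invalid
        mac = src_mac.lower()
        if mac in self.static:
            return True
        if self.level == SECURED:
            return False                    # only static addresses may forward
        if mac in self.dynamic:
            return True                     # Limited and Locked keep learned entries
        if self.level == LIMITED and len(self.dynamic) < self.max_dynamic and not self.full():
            self.dynamic.add(mac)           # only Limited still learns
            return True
        return False

def demo():
    a, b, c, d = (f"00:00:5e:00:53:0{i}" for i in range(1, 5))  # constructed MACs
    port, out = Port(max_dynamic=2), []
    out += [port.ingress(a), port.ingress(b), port.ingress(c)]  # third exceeds the cap
    port.add_static(c)
    out.append(port.ingress(c))             # static entry is outside the dynamic count
    port.set_level(LOCKED)
    out += [port.ingress(a), port.ingress(d)]   # a retained, d never learned
    port.set_level(SECURED)
    out += [port.ingress(a), port.ingress(c)]   # dynamic a deleted, static c stays
    return out
```
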

Security Violations and Intrusion Actions

When a port receives an invalid frame, it must decide what action to
take. This is referred to as the intrusion action.

Before defining the intrusion actions, it helps to understand what
constitutes an invalid frame. This differs for each security level, as
explained here:

❑ Limited Security Level - An invalid frame for this security level is an
ingress frame with a source MAC address not already learned by a