Chapter 22: client security commands, Port security commands, Table 22-1 – Edge Products ES3528-WDM User Manual
Page 371: Client security commands, Table 22-2
22-1
Chapter 22: Client Security Commands
This switch supports many methods of segregating traffic for clients attached to
each of the data ports, and for ensuring that only authorized clients gain access to
the network. Private VLANs and port-based authentication using IEEE 802.1X are
commonly used for these purposes. In addition to these methods, several other
options of providing client security are supported by this switch. These include
port-based authentication, which can be configured for network client access
by specifying a fixed set of MAC addresses (either by freezing a set of dynamically
learned entries or through static configuration), or by statically configured MAC/IP
address pairs. The addresses assigned to DHCP clients can also be carefully
controlled using static or dynamic bindings with the IP Source Guard and DHCP
Snooping commands.
Port Security Commands
These commands can be used to enable port security on a port. When using port
security, the switch stops learning new MAC addresses on the specified port when it
has reached a configured maximum number. Only incoming traffic with source
addresses already stored in the dynamic or static address table for this port will be
authorized to access the network. The port will drop any incoming frames with a
source MAC address that is unknown or has been previously learned from another
port. If a device with an unauthorized MAC address attempts to use the switch port,
the intrusion will be detected and the switch can automatically take action by
disabling the port and sending a trap message.
Table 22-1 Client Security Commands
Command Group
Function
Page
Private VLANs
Configures private VLANs, including uplink and downlink ports
Port Authentication
Configures host authentication on specific ports using 802.1X
Port Security
*
* The priority of execution for these filtering commands is Port Security, IP Source Guard, and then DHCP Snooping.
Configures secure addresses for a port
IP Source Guard
Filters IP traffic on unsecure ports for which the source address
cannot be identified via DHCP snooping nor static source bindings
DHCP Snooping
Filters untrusted DHCP messages on unsecure ports by building
and maintaining a DHCP snooping binding table
Table 22-2 Port Security Commands
Command
Function
Mode
Page
port security
Configures a secure port
IC
mac-address-table static
Maps a static address to a port in a VLAN
GC
show mac-address-table
Displays entries in the bridge-forwarding database
PE