Chapter 13 port security, 1 introduction to port security, 2 port security configuration task list – QTECH QSW-3400 Инструкция по настройке User Manual
Page 109: Ntroduction to, Port, Security, Onfiguration
+7(495) 797-3311 www.qtech.ru
Москва, Новозаводская ул., 18, стр. 1
108
Chapter 13 PORT SECURITY
13.1 Introduction to PORT SECURITY
Port security is a MAC address-based security mechanism for network access controlling. It is
an extension to the existing 802.1x authentication and MAC authentication. It controls the
access of unauthorized devices to the network by checking the source MAC address of the
received frame and the access to unauthorized devices by checking the destination MAC
address of the sent frame. With port security, you can define various port security modes to
make that a device learns only legal source MAC addresses, so as to implement
corresponding network security management. After port security is enabled, the device detects
an illegal frame, it triggers the corresponding port security feature and takes a pre-defined
action automatically. This reduces user’s maintenance workload and greatly enhances system
security.
13.2 PORT SECURITY Configuration Task List
1. Basic configuration for PORT SECURITY
Command
Explanation
Port mode
switchport port-security
no switchport port-security
Configure port-security of the
interface.
switchport port-security mac-address <mac-address>
[vlan <vlan-id>]
no switchport port-security mac-address <mac-
address> [vlan <vlan-id>]
Configure the static security
MAC of the interface.
switchport port-security maximum <value> [vlan <vlan-
list>]
no switchport port-security maximum <value> [vlan
<vlan-list>]
Configure the maximum number
of the security MAC address
allowed by the interface.
switchport port-security violation {protect | restrict |
shutdown}
no switchport port-security violation
When exceeding the maximum
number of the configured MAC
addresses,
MAC
address
accessing the interface does not
belongs to this interface in MAC
address table or a MAC address
is
configured
to
several