Configuring Port Security – Asus GigaX2024SX User Manual


Configuring Port Security

Port security is a feature that allows you to configure a switch port with one or more device MAC addresses that are authorized to access the network through that port. When port security is enabled on a port, the switch stops learning new MAC addresses on the specified port. Only incoming traffic with source addresses already stored in the dynamic or static address table will be accepted as authorized to access the network through that port. If a device with an unauthorized MAC address attempts to use the switch port, the intrusion will be detected and the switch can automatically take action by disabling the port and sending a trap message.

To use port security, first allow the switch to dynamically learn the <source MAC address, VLAN> pair for frames received on a port for an initial training period, and then enable port security to stop address learning. Be sure you enable the learning function long enough to ensure that all valid VLAN members have been registered on the selected port. Note that you can also restrict the maximum number of addresses that can be learned by a port.

To add new VLAN members at a later time, you can manually add secure addresses with the Static Address Table (page 3-86), or turn off port security to reenable the learning function long enough for new VLAN members to be registered. Learning may then be disabled again, if desired, for security.

Command Usage
• A secure port has the following restrictions:
  - It cannot be used as a member of a static or dynamic trunk.
  - Cannot use port monitoring.
  - Cannot be a multi-VLAN port.
  - It should not be connected to a network interconnection device.
• The default maximum number of MAC addresses allowed on a secure port is
zero. You must configure a maximum address count from 1 - 1024 for the port to
allow access.
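
The learn-then-lock sequence and the zero default described above, modelled as a small Python simulation. This is an added example, not code from the manual or the switch: the class `SecurePort`, its method and field names, and the assumption that the maximum count caps static as well as learned entries are all illustrative.

```python
from dataclasses import dataclass, field

@dataclass
class SecurePort:
    """Toy model of the behaviour described above; not switch firmware."""
    max_addresses: int = 0        # manual: default maximum is zero
    secure: bool = False          # False = training period, learning enabled
    shutdown_on_intrusion: bool = True
    enabled: bool = True
    table: set = field(default_factory=set)    # (source MAC, VLAN) pairs
    traps: list = field(default_factory=list)  # stand-in for trap messages

    def set_max(self, count: int) -> None:
        if not 1 <= count <= 1024:             # range given in the manual
            raise ValueError("maximum address count must be 1-1024")
        self.max_addresses = count

    def _register(self, pair) -> bool:
        # Assumption: the maximum caps learned and static entries alike.
        if pair in self.table or len(self.table) < self.max_addresses:
            self.table.add(pair)
            return True
        return False

    def add_static(self, mac: str, vlan: int) -> bool:
        return self._register((mac.lower(), vlan))

    def receive(self, mac: str, vlan: int) -> str:
        pair = (mac.lower(), vlan)
        if not self.enabled:
            return "port-disabled"
        if not self.secure:                    # training: learn and forward
            self._register(pair)
            return "forward"
        if pair in self.table:                 # known <MAC, VLAN> pair
            return "forward"
        self.traps.append(pair)                # intrusion detected
        if self.shutdown_on_intrusion:
            self.enabled = False
        return "intrusion"

def demo():
    port = SecurePort()
    port.set_max(2)
    # Constructed sample frames: two legitimate hosts seen during training.
    port.receive("00:11:22:33:44:55", 1)
    port.receive("00:11:22:33:44:66", 1)
    port.secure = True                         # lock the port
    return [port.receive("00:11:22:33:44:55", 1),   # learned pair
            port.receive("00:11:22:33:44:55", 2),   # same MAC, other VLAN
            port.receive("00:11:22:33:44:66", 1)]   # port already disabled
```

The second frame in `demo()` shows why the pair matters: a known MAC on a VLAN it was never learned on is still treated as an intrusion, and with shutdown enabled the remaining legitimate host loses access until the port is re-enabled.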
