Configuring Port Security (Figure 218, Port Security), Brocade 6910 Ethernet Access Switch User Manual


Brocade 6910 Ethernet Access Switch Configuration Guide, 53-1002581-01, page 885
Chapter 41: Configuring Port Security

FIGURE 218 Showing IP Addresses Authorized for Management Access

Configuring Port Security

Use the Security > Port Security page to configure the maximum number of device MAC addresses
that can be learned by a switch port, stored in the address table, and authorized to access the
network.

When port security is enabled on a port, the switch stops learning new MAC addresses on the
specified port when it has reached a configured maximum number. Only incoming traffic with
source addresses already stored in the address table will be authorized to access the network
through that port. If a device with an unauthorized MAC address attempts to use the switch port,
the intrusion will be detected and the switch can automatically take action by disabling the port
and sending a trap message.

CLI References: “Port Security” on page 193

Command Usage

The default maximum number of MAC addresses allowed on a secure port is zero (that is,
disabled). To use port security, you must configure the maximum number of addresses allowed
on a port.

To configure the maximum number of address entries which can be learned on a port, specify
the maximum number of dynamic addresses allowed. The switch will learn up to the maximum
number of allowed address pairs <source MAC address, VLAN> for frames received on the
port. When the port has reached the maximum number of MAC addresses, the port will stop
learning new addresses. The MAC addresses already in the address table will be retained and
will not be aged out.

Note that you can manually add additional secure addresses to a port using the Static Address
Table (page 751).

When the port security state is changed from enabled to disabled, all dynamically learned
entries are cleared from the address table.

If port security is enabled, and the maximum number of allowed addresses is set to a
non-zero value, any device whose <source MAC address, VLAN> pair is not in the address table
and that attempts to use the port will be prevented from accessing the network through that port.

If a port is disabled (shut down) due to a security violation, it must be manually re-enabled
from the Interface > Port > General page (page 675).
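The learning, enforcement, and shutdown rules listed above can be traced end to end with the following constructed model. It is an added example, not the switch's firmware, web interface, or CLI; the class and method names, the trap text, the sample MAC addresses, and the assumption that statically configured addresses are authorized but do not count toward the dynamic learning maximum are all illustrative and not taken from the guide.

```python
from dataclasses import dataclass, field


@dataclass
class Frame:
    """A constructed ingress frame: only the fields port security looks at."""
    src_mac: str
    vlan: int


@dataclass
class SecurePort:
    """Model of one secure port as described in this section (hypothetical names)."""
    name: str
    max_mac_count: int = 0            # default 0 = port security disabled
    enabled: bool = False
    shutdown: bool = False
    # (mac, vlan) pairs entered via the Static Address Table; assumed not to
    # count toward max_mac_count (the guide calls them "additional").
    static: set = field(default_factory=set)
    # (mac, vlan) pairs learned dynamically; retained and never aged out
    # while port security is enabled.
    dynamic: set = field(default_factory=set)
    traps: list = field(default_factory=list)   # constructed trap messages

    def enable(self, max_mac_count):
        # A zero maximum means "disabled", so a non-zero value is required.
        if max_mac_count <= 0:
            raise ValueError("max MAC count must be non-zero to use port security")
        self.max_mac_count = max_mac_count
        self.enabled = True

    def disable(self):
        # Enabled -> disabled clears every dynamically learned entry;
        # static entries are configuration and survive.
        self.enabled = False
        self.dynamic.clear()

    def re_enable_port(self):
        # Manual administrator action (Interface > Port > General); nothing
        # else clears a security shutdown.
        self.shutdown = False

    def ingress(self, frame):
        """Return what the port does with the frame: forward, learn, violation, dropped."""
        key = (frame.src_mac.lower(), frame.vlan)
        if self.shutdown:
            return "dropped"            # shut-down port passes nothing
        if not self.enabled:
            return "forward"            # ordinary learning switch behaviour
        if key in self.static or key in self.dynamic:
            return "forward"            # authorized pair
        if len(self.dynamic) < self.max_mac_count:
            self.dynamic.add(key)       # still learning; pair becomes authorized
            return "learn"
        # Table full and source unknown: intrusion detected. The configured
        # action here is the strongest one the guide mentions: trap + shutdown.
        self.traps.append(f"port-security violation on {self.name}: "
                          f"{key[0]} vlan {key[1]} (constructed trap)")
        self.shutdown = True
        return "violation"


def run_demo():
    """Drive one port through learn, enforce, violate; returns (port, decisions)."""
    port = SecurePort("1/1")
    port.enable(max_mac_count=2)
    port.static.add(("00:11:22:33:44:55", 10))   # constructed static entry
    frames = [
        Frame("00:11:22:33:44:55", 10),  # static entry: forward, no learning
        Frame("AA:BB:CC:00:00:01", 10),  # learned, 1 of 2
        Frame("AA:BB:CC:00:00:02", 10),  # learned, 2 of 2
        Frame("AA:BB:CC:00:00:01", 10),  # already in table: forward
        Frame("AA:BB:CC:00:00:01", 20),  # same MAC, new VLAN = new pair: violation
        Frame("AA:BB:CC:00:00:02", 10),  # known MAC, but port is now shut down
    ]
    decisions = [port.ingress(f) for f in frames]
    return port, decisions


if __name__ == "__main__":
    port, decisions = run_demo()
    print(decisions, port.traps, "shutdown:", port.shutdown)
```

The fifth frame is the case worth noticing: the guide keys the table on <source MAC address, VLAN>, so a known MAC arriving tagged with a different VLAN is a new pair and, on a full table, a violation. After the violation, even a frame from an already authorized address is dropped until an administrator re-enables the port; disabling port security afterwards empties the dynamic entries but leaves the static one in place.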
