Static Secure MAC Address (MAC ID), Security Violations – Rockwell Automation 1783-Mxxx Stratix 8000 and 8300 Ethernet Managed Switches User Manual


Rockwell Automation Publication 1783-UM003I-EN-P - March 2014


Switch Software Features Chapter 3

The table at the end of this section shows port roles and the maximum supported MAC IDs.

Static Secure MAC Address (MAC ID)

The other method of limiting MAC IDs is to statically configure a single MAC
ID for a port. This address becomes part of the saved configuration of the switch.
This method provides strong security but requires reconfiguration whenever the
device connected to the port is replaced, because the new device has a different
MAC ID from the old one.

When you use the Logix Designer application to configure the switch Add-on
Profile (AOP), you can use the static secure method. This method is not available
with the Device Manager Web interface.

Security Violations

It is a security violation when one of these situations occurs:

• The maximum number of secure MAC addresses that have been configured for a port have been added to the address table, and a station whose MAC address is not in the address table attempts to access the interface.

• An address learned or configured on one secure interface is seen on another secure interface in the same VLAN.

When a violation occurs, the port goes into the Restrict mode. In this mode,
packets with unknown source addresses are dropped and you are notified that a
security violation has occurred. An SNMP trap is sent, a syslog message is logged,
and the violation counter increments.

Port Role                         Number of MAC IDs (max)
Automation Device                 1
Desktop for Automation            1
Switch for Automation             Not restricted
Router for Automation             Not restricted
Phone for Automation              3
Wireless for Automation           Not restricted
Multiport Automation Devices      Not restricted
Virtual Desktop for Automation    2
Port Mirroring                    Not restricted
None                              Not restricted
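The two violation situations and the Restrict-mode response can be traced with a small model. This is an added example, not code from the manual or from the switch firmware; the class names, event labels, and the treatment of a static MAC ID as the only address allowed on its port are assumptions made for illustration.

```python
from dataclasses import dataclass, field
from typing import Optional

# Max MAC IDs per port role, from the table above; None = "Not restricted".
ROLE_LIMITS = {
    "Automation Device": 1, "Desktop for Automation": 1,
    "Phone for Automation": 3, "Virtual Desktop for Automation": 2,
    "Switch for Automation": None, "Router for Automation": None,
    "Wireless for Automation": None, "Multiport Automation Devices": None,
    "Port Mirroring": None, "None": None,
}

@dataclass
class Port:
    name: str
    role: str
    vlan: int
    static_mac: Optional[str] = None          # static secure MAC ID, if any
    table: set = field(default_factory=set)   # secure addresses on this port
    violations: int = 0                       # violation counter

    def __post_init__(self):
        # Modelling assumption: a static MAC ID is the only address allowed.
        self.limit = 1 if self.static_mac else ROLE_LIMITS[self.role]
        if self.static_mac:
            self.table.add(self.static_mac.lower())

class Switch:
    def __init__(self, ports):
        self.ports = {p.name: p for p in ports}
        self.events = []   # stands in for the syslog message and SNMP trap

    def receive(self, port_name, src_mac):
        """Return True if the frame is forwarded, False if dropped (Restrict)."""
        port, mac = self.ports[port_name], src_mac.lower()
        if port.limit is None or mac in port.table:
            return True
        # Situation 2: address already secured on another secure port, same VLAN.
        elsewhere = any(o is not port and o.limit is not None
                        and o.vlan == port.vlan and mac in o.table
                        for o in self.ports.values())
        # Situation 1: the port's address table is full and this MAC is unknown.
        full = len(port.table) >= port.limit
        if elsewhere or full:
            port.violations += 1
            self.events.append((port.name, mac, "moved" if elsewhere else "table-full"))
            return False
        port.table.add(mac)   # dynamically learned secure address
        return True
```

Frames from addresses already in a port's table keep passing after a violation, which is what separates Restrict mode from shutting the port down.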
