Port Security, Dynamic Secure MAC Address (MAC ID) – Rockwell Automation 1783-BMxxx Stratix 5700 Ethernet Managed Switches User Manual

Rockwell Automation Publication 1783-UM004E-EN-P - June 2014

Switch Software Features Chapter 3

Port Security

Stratix 5700 switches implement MAC address-based port security. A MAC
address is a unique address assigned to each Ethernet-capable device, so the
switch can restrict communication on a port by MAC address, either dynamically
or statically.

With dynamic port security, a switch port communicates with a certain number
of devices (MAC addresses). The port tracks only the number of devices rather
than the MAC addresses of those devices. Static port security adds devices to the
port security table on a per MAC address basis. With static port
security, only devices with the MAC addresses in the security table are able to
communicate on that port.

One or both methods can be used in the Stratix 5700 switches with Full firmware
on a per-port basis. Port Security does not apply to switches with Lite firmware.

Dynamic Secure MAC Address (MAC ID)

Many Smartport roles have a maximum number of MAC IDs that can use that
port. For example, the Smartport role ‘Automation Device’ sets up the port for a
maximum of one MAC ID. The MAC ID is dynamic, meaning the switch learns
the first source MAC ID to use the port. Attempts by any other MAC ID to
access the port are denied.

If the link becomes inactive, the switch dynamically relearns the MAC ID to be
secured.

The default number of MAC IDs can be changed on the Port Security tab within
the Device Manager Web interface or the Logix Designer application.

The following table shows the Smartport role and the maximum number of
supported MAC IDs.

Table 6 - Maximum Number of MAC IDs per Smartport Role

Smartport Role                    Number of MAC IDs (max)
--------------------------------  -----------------------
Automation Device                 1
Desktop for Automation            1
Switch for Automation             Not restricted
Router for Automation             Not restricted
Phone for Automation              3
Wireless for Automation           Not restricted
Multiport Automation Devices      Not restricted
Virtual Desktop for Automation    2
Port Mirroring                    Not restricted
None                              Not restricted
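
The learn, deny and relearn behavior described above can be modeled as a small state machine. The following Python sketch is an added example, not Rockwell Automation code or switch firmware; the class and function names and the sample MAC IDs are constructed, and it assumes that a role with a maximum above one learns the first source MAC IDs up to that maximum.

```python
# Added illustration: model of dynamic secure MAC ID learning on one port.
# ROLE_MAX holds the restricted roles from Table 6; every other role in the
# table is "Not restricted", modeled here as None.
ROLE_MAX = {
    "Automation Device": 1,
    "Desktop for Automation": 1,
    "Phone for Automation": 3,
    "Virtual Desktop for Automation": 2,
}

# Constructed sample: two MAC IDs on one port, with a link drop in between.
SAMPLE = ["00:00:5e:00:53:01", "00:00:5e:00:53:02", "down", "00:00:5e:00:53:02"]


class SecurePort:
    def __init__(self, role):
        self.limit = ROLE_MAX.get(role)   # None means not restricted
        self.learned = []                 # MAC IDs currently secured
        self.denied = []                  # MAC IDs refused so far

    def frame(self, src_mac):
        """Return True if a frame from src_mac is allowed on this port."""
        mac = src_mac.lower()
        if self.limit is None or mac in self.learned:
            return True
        if len(self.learned) < self.limit:
            self.learned.append(mac)      # dynamically learn a new source MAC ID
            return True
        self.denied.append(mac)           # over the role maximum: access denied
        return False

    def link_down(self):
        """Link became inactive: secured MAC IDs are dropped and relearned."""
        self.learned.clear()


def replay(role, events):
    """Replay events ('down' or a source MAC ID); return (decisions, port)."""
    port = SecurePort(role)
    decisions = []
    for ev in events:
        if ev == "down":
            port.link_down()
            decisions.append("relearn")
        else:
            decisions.append("allow" if port.frame(ev) else "deny")
    return decisions, port


if __name__ == "__main__":
    print(replay("Automation Device", SAMPLE)[0])
```

In the sample, the second MAC ID is denied while the link is up and becomes the secured MAC ID after the link drop, which is why static port security is the option that ties a port to specific addresses.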
