What is the internal authentication server, What is port security – Dell POWEREDGE M1000E User Manual

Configuring 802.1X and Port-Based Security

517

What is the Internal Authentication Server?

The Internal Authentication Server (IAS) is a dedicated database for local

authentication of users for network access through 802.1X. In this database,

the switch maintains a list of username and password combinations to use for

802.1X authentication. You can manually create entries in the database, or

you can upload the IAS information to the switch.
If the authentication method for 802.1X is IAS, the switch uses the locally

stored list of username and passwords to provide port-based authentication to

users instead of using an external authentication server.

What is Port Security?

The Port Security feature allows you to limit the number of source MAC

address that can be learned on a port. If a port reaches the configured limit,

any other addresses beyond that limit are not learned and the frames are

discarded. Frames with a source MAC address that has already been learned

will be forwarded.
The purpose of this feature, which is also known as port-MAC locking, is to

help secure the network by preventing unknown devices from forwarding

packets into the network. For example, to ensure that only a single device can

be active on a port, you can set the number of allowable dynamic addresses to

one. After the MAC address of the first device is learned, no other devices will

be allowed to forward frames into the network.
When link goes down on a port, all of the dynamically locked addresses are

cleared from the source MAC address table the feature maintains. When the

link is restored, that port can once again learn addresses up to the specified

limit.
The port can learn MAC addresses dynamically, and you can manually specify

a list of static MAC addresses for a port.

NOTE:

The IAS database does not handle VLAN assignments or DiffServ policy

assignments.