Port security, Port security overview, Configuring port security – H3C Technologies H3C WX3000E Series Wireless Switches User Manual

321

Port security

Port security overview

Port security combines and extends 802.1X and MAC authentication to provide MAC-based network

access control. It applies to a network, a WLAN, for example, that requires different authentication
methods for different users on a port.
Port security prevents unauthorized access to the network by checking the source MAC address of

inbound traffic and prevents access to unauthorized devices by checking the destination MAC address

of outbound traffic.
Port security can control MAC address learning and authentication on a port to make sure that the port

learns only source trusted MAC addresses.
A frame is illegal, if its source MAC address cannot be learned in a port security mode or it is from a

client that has failed 802.1X or MAC authentication.
The port security feature can automatically take a pre-defined action on illegal frames. This automatic

mechanism enhances network security and reduces human intervention.

NOTE:
•

For scenarios that require only 802.1X authentication or MAC authentication, H3C recommends you
configure 802.1X authentication or MAC authentication rather than port security for simplicity. For more
information about 802.1X and MAC authentication, see the chapters "

802.1X configuration

" and

"

MAC authentication configuration

."

•

For more information about port security, see

H3C WX3000E Series Wireless Switches Switching

Engine Configuration Guide.

Configuring port security

Configuration prerequisites

•

Before enabling port security, disable 802.1X and MAC authentication globally.

•

Only one port security mode can be configured on a port.

Recommended configuration procedure

Configuring basic port security mode

Step Remarks

1. Configuring global settings for

port security

Required.
Enable port security globally and configure advanced parameters.
Disabled by default.