2 network access (mac address authentication) – PLANET SGSD-1022 User Manual
Page 477
User’s Manual of SGSD-1022 / SGSD-1022P
SGSW-2840 / SGSW-2840P
Interface Configuration (Ethernet)
Command Usage
If you enable port security, the switch stops learning new MAC addresses on the specified port when it has reached a
configured maximum number. Only incoming traffic with source addresses already stored in the dynamic or static address
table will be accepted.
Use the port security command to enable security on a port. Then use the port security action command to set the
response to a port security violation, and the port security max-mac-count command to set the maximum number of
addresses allowed on a port.
You can also manually add secure addresses with the mac-address-table static command.
A secure port has the following restrictions:
-Cannot be connected to a network interconnection device.
-Cannot be a trunk port.
If a port is disabled due to a security violation, it must be manually re-enabled using the no shutdown command.
Example
The following
Example
enables port security for port 5, and sets the response to a security violation to issue a trap
message:
Console(config)#interface ethernet 1/5
Console(config-if)#port security
Console(config-if)#port security action trap
Console(config-if)#
Related Commands
shutdown
mac-address-table static
show mac-address-table
5.13.2 Network Access (MAC Address Authentication)
Network Access authentication controls access to the network by authenticating the MAC address of each host that attempts to
connect to a switch port. Traffic received from a specific MAC address is forwarded by the switch only if the source MAC
address is successfully authenticated by a central RADIUS server. While authentication for a MAC address is in progress, all
traffic is blocked until authentication is completed. Once successfully authenticated, the RADIUS server may optionally assign
VLAN settings for the switch port.
Command
Function
Mode
network-access mode
Enables MAC authentication on an interface
IC
477