Configuring Port Security
Port security is a feature that allows you to configure a switch port with one or more
device MAC addresses that are authorized to access the network through that port.
When port security is enabled on a port, the switch stops learning new MAC
addresses on the specified port when it has reached a configured maximum
number. Only incoming traffic with source addresses already stored in the dynamic
or static address table will be accepted as authorized to access the network through
that port. If a device with an unauthorized MAC address attempts to use the switch
port, the intrusion will be detected and the switch can automatically take action by
disabling the port and sending a trap message.
To use port security, specify a maximum number of addresses to allow on the port
and then let the switch dynamically learn the <source MAC address, VLAN> pair for
frames received on the port. Note that you can also manually add secure addresses
to the port using the Static Address Table (page 9-1). When the port has reached the
maximum number of MAC addresses the selected port will stop learning. The MAC
addresses already in the address table will be retained and will not age out. Any
other device that attempts to use the port will be prevented from accessing the
switch.
Command Usage
A secure port has the following restrictions:
- It cannot be used as a member of a static or dynamic trunk.
- It should not be connected to a network interconnection device.
The default maximum number of MAC addresses allowed on a secure port is zero.
You must configure a maximum address count from 1 - 1024 for the port to allow
access.
If a port is disabled (shut down) due to a security violation, it must be manually
re-enabled from the Port/Port Configuration page (page 8-3).
Command Attributes
Port – Port number.
Name – Descriptive text (page 27-2).
Action – Indicates the action to be taken when a port security violation is detected:
- None: No action should be taken. (This is the default.)
- Trap: Send an SNMP trap message.
- Shutdown: Disable the port.
- Trap and Shutdown: Send an SNMP trap message and disable the port.
Security Status – Enables or disables port security on the port. (Default: Disabled)
Max MAC Count – The maximum number of MAC addresses that can be learned
on a port. (Range: 0 - 1024, where 0 means disabled)
Trunk – Trunk number if port is a member (page 8-7 and 8-8).
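
The learning limit and the four Action settings described above can be traced with a small model. This is an added example, not code from the switch or its vendor: the SecurePort class, its field names and the sample frames are hypothetical, and it assumes static entries count toward Max MAC Count.

```python
from dataclasses import dataclass, field
from enum import Enum

class Action(Enum):  # the four Action settings listed on the page
    NONE = 0
    TRAP = 1
    SHUTDOWN = 2
    TRAP_AND_SHUTDOWN = 3

@dataclass
class SecurePort:  # hypothetical model of one port, not switch firmware
    max_mac_count: int = 0           # page default; range 0 - 1024
    action: Action = Action.NONE     # page default
    security_enabled: bool = False   # page default
    link_up: bool = True
    static: set = field(default_factory=set)   # manually added <MAC, VLAN> pairs
    learned: set = field(default_factory=set)  # retained, never aged out
    traps: list = field(default_factory=list)  # stand-in for SNMP traps sent

    def __post_init__(self):
        if not 0 <= self.max_mac_count <= 1024:
            raise ValueError("Max MAC Count must be 0 - 1024")

    def receive(self, mac, vlan):
        """Return True if a frame from <mac, vlan> is accepted on this port."""
        if not self.link_up:
            return False  # a shut-down port passes nothing
        pair = (mac.lower(), vlan)
        if not self.security_enabled or pair in self.static | self.learned:
            return True
        # Assumption: static and learned entries share the same maximum.
        if len(self.static) + len(self.learned) < self.max_mac_count:
            self.learned.add(pair)
            return True
        # Violation: unknown source address after learning has stopped.
        if self.action in (Action.TRAP, Action.TRAP_AND_SHUTDOWN):
            self.traps.append(pair)
        if self.action in (Action.SHUTDOWN, Action.TRAP_AND_SHUTDOWN):
            self.link_up = False
        return False

    def manual_reenable(self):  # the port does not recover by itself
        self.link_up = True

def demo():
    port = SecurePort(2, Action.TRAP_AND_SHUTDOWN, True)
    frames = [("00:00:5e:00:53:01", 1), ("00:00:5e:00:53:02", 1),
              ("00:00:5e:00:53:03", 1), ("00:00:5e:00:53:01", 1)]  # constructed
    return [port.receive(m, v) for m, v in frames], port.link_up, port.traps
```

In the demo the third frame triggers the violation, and the fourth frame is dropped even though its address was learned, because the port stays shut down until it is manually re-enabled.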


User Authentication
