9

Port Security

This section describes the Port Security feature.

Overview

Port Security:

Allows for limiting the number of MAC addresses on a given port.

Packets that have a matching MAC address (secure packets) are forwarded; all other pack- ets (unsecure packets) are restricted.

Enabled on a per port basis.

When locked, only packets with allowable MAC address will be forwarded.

Supports both dynamic and static.

Implement two traffic filtering methods. These methods can be used concurrently.

-Dynamic Locking - User specifies the maximum number of MAC addresses that can be learned on a port. After the limit is reached, additional MAC addresses are not learned. Only frames with an allowable source MAC address are forwarded.

-Static Locking - User manually specifies a list of static MAC addresses for a port. Dynamically locked addresses can be converted to statically locked addresses.

Operation

Port Security:

Helps secure network by preventing unknown devices from forwarding packets.

When link goes down, all dynamically locked addresses are ‘freed.’

If a specific MAC address is to be set for a port, set the dynamic entries to 0, then only allow packets with a MAC address matching the MAC address in the static list.

Dynamically locked MAC addresses are aged out if another packet with that address is not seen within the age-out time. The user can set the time-out value.

Dynamically locked MAC addresses are eligible to be learned by another port.

Static MAC addresses are not eligible for aging.

Dynamically locked addresses can be converted to statically locked addresses.

Overview 63

Page 63
Image 63
D-Link DWS-3000 manual Port Security, Operation

DWS-3000 specifications

The D-Link DWS-3000 is an advanced cloud-ready wireless switch designed to meet the increasing demands of modern networks. As organizations transition to more mobile and connected environments, the need for robust and scalable networking solutions becomes paramount. The DWS-3000 addresses this need with its range of features, technologies, and specifications tailored for seamless network management.

One of the standout features of the DWS-3000 is its support for centralized management, allowing IT administrators to oversee multiple access points from a single interface. This simplifies the process of provisioning, monitoring, and troubleshooting network devices, ensuring optimal performance and minimizing downtime. The switch's intuitive web interface and support for D-View, D-Link's network management software, enable effective control over network operations.

The DWS-3000 is equipped with advanced security protocols to safeguard sensitive data within the network. It supports WPA3 encryption, which enhances security compared to its predecessor, WPA2. Additionally, features like MAC address filtering, 802.1X authentication, and rogue AP detection provide comprehensive protection against unauthorized access.

In terms of performance, the DWS-3000 leverages high-capacity hardware to support PoE (Power over Ethernet) technology, enabling power delivery to compatible devices without the need for additional cabling. This feature is particularly beneficial for deployment scenarios where cabling infrastructure is limited.

Moreover, the DWS-3000 is built with scalability in mind. It can support a vast number of access points, making it suitable for deployments ranging from small businesses to large enterprises. This scalability, combined with features like load balancing and Band Steering, ensures efficient use of available bandwidth, enhancing user experience.

The switch also offers seamless integration with D-Link’s suite of access points, allowing for simplified deployments in various environments, whether indoor or outdoor. The capabilities of the DWS-3000 extend into a comprehensive analytics engine, which provides insights into network performance and user behavior, aiding in informed decision-making.

With its blend of advanced features, robust security measures, and scalability, the D-Link DWS-3000 is positioned as a powerful solution for organizations looking to elevate their network infrastructure. It empowers businesses to provide reliable, high-performance wireless connectivity while maintaining security and ease of management in today’s dynamic environment.