CHAPTER 6: ACCESS CONSIDERATIONS

6.1.3 Port Security Feature

The port security feature can be used to block computers from accessing the network by requiring the port to validate the MAC address against a known list of MAC addresses. This port security feature is provided on an Ethernet, or Fast Ethernet, port. In case of a security violation, the port can be configured to go into disable mode or drop mode. Disable mode disables the port, so no traffic passes through it. Drop mode leaves the port enabled during a security violation and drops only the packets coming in from insecure hosts. This is useful when other network devices are connected to the MultiLink ML1200 Managed Field Switch. If there is insecure access on the secondary device, the MultiLink ML1200 Managed Field Switch allows authorized users to continue to access the network; the unauthorized packets are dropped, preventing access to the network.

Network security hinges on the ability to allow or deny access to network resources. This aspect of secure network services involves allowing or disallowing traffic based on information contained in packets, such as the IP address or MAC address. Planning for access is a key architecture and design consideration. For example, which ports are configured for port security? Normally, rooms with public access (e.g. lobby, conference rooms) should be configured with port security. Once that is decided, the next few decisions are: Who are the authorized and unauthorized users? What action should be taken against authorized as well as unauthorized users? How are the users identified as authorized or unauthorized?
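
The difference between the disable and drop modes described above can be seen by replaying the same traffic through a small model of a secured port. This is an added example, not code or configuration from the ML1200 manual; the class and function names, the sample MAC addresses, and the assumption that a disabled port stays down for the rest of the replay are all constructed for illustration.

```python
from dataclasses import dataclass, field

def norm(mac: str) -> str:
    """Canonicalise a MAC so 00-1A-.., 001a.2b.. and 00:1a:.. compare equal."""
    digits = "".join(c for c in mac.lower() if c in "0123456789abcdef")
    if len(digits) != 12:
        raise ValueError(f"not a MAC address: {mac!r}")
    return digits

@dataclass
class SecuredPort:                       # hypothetical model, not the switch's API
    allowed: set                         # known list of MAC addresses for this port
    mode: str                            # violation action: "disable" or "drop"
    enabled: bool = True
    violations: list = field(default_factory=list)

    def __post_init__(self):
        if self.mode not in ("disable", "drop"):
            raise ValueError(f"unknown violation mode: {self.mode!r}")
        self.allowed = {norm(m) for m in self.allowed}

    def receive(self, src_mac: str) -> bool:
        """Return True if the frame is forwarded, False if it is discarded."""
        if not self.enabled:
            return False                 # a disabled port passes no traffic at all
        src = norm(src_mac)
        if src in self.allowed:
            return True
        self.violations.append(src)      # keep a record for log review
        if self.mode == "disable":
            self.enabled = False         # assumption: stays down until an operator acts
        return False                     # the offending frame is never forwarded

def replay(mode, allowed, frames):
    """Feed source MACs through one port; return per-frame results and the port."""
    port = SecuredPort(set(allowed), mode)
    return [port.receive(f) for f in frames], port

# Constructed sample: two authorized hosts and one unknown host share a
# secondary device (for example a hub) attached to the secured port.
ALLOWED = ["00:1A:2B:00:00:01", "00:1A:2B:00:00:02"]
FRAMES = ["00:1a:2b:00:00:01", "de-ad-be-ef-00-99",
          "00:1A:2B:00:00:02", "00:1a:2b:00:00:01"]

if __name__ == "__main__":
    for mode in ("disable", "drop"):
        results, port = replay(mode, ALLOWED, FRAMES)
        print(mode, results, "enabled:", port.enabled, "violations:", port.violations)
```

In disable mode the single unknown frame cuts off both authorized hosts behind the same port, while in drop mode only that frame is lost; both modes record the same violation.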

MULTILINK ML1200 MANAGED FIELD SWITCH – INSTRUCTION MANUAL

GE ML1200 instruction manual Port Security Feature