15. Security Management

15

 

 

 

 

In this chapter, examples are provided for the following topics:

Port Security

Set the Dynamic and Static Limit on Port 1/0/1 on page 270

Convert the Dynamic Address Learned from 1/0/1 to a Static Address on page 271

Create a Static Address on page 272

Protected Ports on page 273

802.1x Port Security on page 280

Create a Guest VLAN on page 286

Assign VLANs Using RADIUS on page 291

Dynamic ARP Inspection on page 297

Static Mapping on page 303

DHCP Snooping on page 305

Enter Static Binding into the Binding Database on page 309

Maximum Rate of DHCP Messages on page 310

IP Source Guard on page 312

Port Security

Port Security helps secure the network by preventing unknown devices from forwarding packets. When a link goes down, all dynamically locked addresses are freed. The port security feature offers the following benefits:

You can limit the number of MAC addresses on a given port. Packets that have a matching MAC address (secure packets) are forwarded; all other packets (unsecure packets) are restricted.

You can enable port security on a per port basis.

Port security implements two traffic filtering methods, dynamic locking and static locking. These methods can be used concurrently.

Dynamic locking. You can specify the maximum number of MAC addresses that can be learned on a port. The maximum number of MAC addresses is platform dependent and is

Chapter 15. Security Management 269

Page 269
Image 269
NETGEAR M4100, M7100 manual Security Management, Port Security