3Com 3C17300A Implementation Guide - Page 78

78 CHAPTER 10: MAKING YOUR NETWORK SECURE Port Security The Switch supports the following port security modes, which you can set for an individual port or a range of ports: ■ No Security Port security is disabled and all network traffic is forwarded through the port without any restrictions. ■ Continuous Learning MAC addresses are learned continuously by the port until the number of authorized addresses specified is reached. When this number is exceeded the first address that was learned by the port is deleted, allowing a new address to be learned. ■ Automatic Learning MAC addresses are learned continuously by the port until the number of authorized addresses specified is reached. When this number is exceeded the port automatically stops learning addresses and Disconnect Unauthorized Device (DUD) is enabled on the port. For further information see "What is Disconnect Unauthorized Device (DUD)?" on page 85. ■ Learning Off Only traffic received from an authorized address (either configured by management or learned while the port was prevously operating in the "Automatic Learning" mode) is forwarded. While in this mode the DUD operation is enabled. When a port in this mode has learned the maximum number of authorized addresses configured for the port then it will transition to the "Learning Off" mode. ■ Network Login When a 802.1X client has been successfully authorized, all network traffic is forwarded through the port without any restrictions. For further information see "What is Network Login?" on page 80. ■ Network Login (Secure) When a 802.1X client has been successfully authorized, only network traffic that is received from the authorized client device is forwarded through the port. The source MAC address in received packets is used to determine this; all traffic from other network devices is filtered. Disconnect Unauthorized Device (DUD) is enabled on the port.