Netgear GSM7352Sv1 7000 Series Managed Switch Administration Guide for Softwar - Page 239
Security Management, Port Security
View all Netgear GSM7352Sv1 manuals
Add to My Manuals
Save this manual to your list of manuals |
Page 239 highlights
Chapter 16 Security Management In this chapter, exmples are provided for the following topics: • "Port Security" • "Protected Ports" on page 16-6 • "802.1x Port Security" on page 16-13 Port Security This section describes the Port Security feature. Port Security: • Allows for limiting the number of MAC addresses on a given port • Packets that have a matching MAC address (secure packets) are forwarded; all other packets (unsecure packets) are restricted • Enabled on a per port basis • When locked, only packets with allowable MAC address will be forwarded • Supports both dynamic and static • Implement two traffic filtering methods - Dynamic Locking - User specifies the maximum number of MAC addresses that can be learned on a port. The maximum number of MAC addresses is platform dependent and is given in the software Release Notes. After the limit is reached, additional MAC addresses are not learned. Only frames with an allowable source MAC address are forwarded. - Static Locking - User manually specifies a list of static MAC addresses for a port. Dynamically locked addresses can be converted to statically locked addresses. These methods can be used concurrently Port Security: • Helps secure network by preventing unknown devices from forwarding packets • When link goes down, all dynamically locked addresses are 'freed' • If a specific MAC address is to be set for a port, set the dynamic entries to 0, then only allow packets with a MAC address matching the MAC address in the static list • Dynamically locked MAC addresses are aged out if another packet with that address is not seen within the age-out time. The user can set the time-out value. v1.0, November 2008 16-1