Dell PowerConnect M6348 Configuration Guide - Page 39

Port Security This section describes the Port Security feature. Overview Port Security: • Allows for limiting the number of MAC addresses on a given port. • Packets that have a matching MAC address (secure packets) are forwarded; all other packets (unsecure packets) are restricted. • Enabled on a per port basis. • When locked, only packets with allowable MAC address will be forwarded. • Supports both dynamic and static. • Implement two traffic filtering methods. These methods can be used concurrently. - Dynamic Locking: User specifies the maximum number of MAC addresses that can be learned on a port. The maximum number of MAC addresses is 100. After the limit is reached, additional MAC addresses are not learned. Only frames with an allowable source MAC address are forwarded. - Static Locking: User manually specifies a list of static MAC addresses for a port. Operation Port Security: • Helps secure network by preventing unknown devices from forwarding packets. • When link goes down, all dynamically locked addresses are 'freed.' • If a specific MAC address is to be set for a port, set the dynamic entries to 0, then only allow packets with a MAC address matching the MAC address in the static list. • Dynamically locked MAC addresses are aged out if another packet with that address is not seen within the age-out time. The user can set the time-out value. • Dynamically locked MAC addresses are eligible to be learned by another port. • Static MAC addresses are not eligible for aging. CLI Examples The following are examples of the commands used in the Port Security feature. Example #1: Enable Port Security on an Interface console(config)#interface ethernet 1/g18 console(config-if-1/g18)#port security ? Press enter to execute the command. Switching Configuration 39