Allied Telesis AT-S100 User Manual

AT-S100 Management Software User’s Guide

Locked Mode

A port set to the Locked mode security level immediately stops learning
new dynamic MAC addresses and forwards frames using the dynamic
MAC addresses it has already learned and any static MAC addresses
assigned to it. Ingress frames with an unknown MAC address are
discarded. Dynamic MAC addresses already learned by a port prior to the
activation of this security level never time out from the MAC address table,
even when the corresponding end nodes are inactive.

You can continue to add new static MAC addresses to a port operating
under this security level.

Secured Mode

The Secured Mode security level uses only static MAC addresses
assigned to a port to forward frames. Consequently, only those end nodes
whose MAC addresses are entered as static addresses are able to
forward frames through a port. Dynamic MAC addresses already learned
on a port are discarded from the MAC table and no new dynamic
addresses are added. Any ingress frames having a source MAC address
not entered as a static address on a port are discarded.

After activating this security level, you must enter the static MAC
addresses of the end nodes that are to forward frames through the port.
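
The difference between the Locked and Secured levels described above, as an added Python illustration that is not part of the manual or the AT-S100 software. The `Port` class, its method names and the `learning` state are hypothetical, and the MAC addresses are constructed samples.

```python
# Toy model of the Locked and Secured levels; not AT-S100 code, names are hypothetical.
class Port:
    def __init__(self):
        self.mode = "learning"    # assumed name for the normal learning state
        self.dynamic = set()      # learned source MACs
        self.static = set()       # administrator-entered MACs

    def add_static(self, mac):
        # Static entries may be added under either security level.
        self.static.add(mac.lower())

    def set_mode(self, mode):
        if mode not in ("learning", "locked", "secured"):
            raise ValueError(mode)
        if mode == "secured":
            # Secured: dynamic addresses already learned are discarded.
            self.dynamic.clear()
        # Locked: existing dynamic entries are kept and never time out.
        self.mode = mode

    def age_out(self, mac):
        """Simulate the aging timer firing for an inactive end node."""
        if self.mode == "locked":
            return False          # frozen entries never time out
        self.dynamic.discard(mac.lower())
        return True

    def ingress(self, src_mac):
        """Return True if a frame with this source MAC is forwarded."""
        mac = src_mac.lower()
        if mac in self.static:
            return True
        if self.mode == "learning":
            self.dynamic.add(mac)        # normal learning
            return True
        if self.mode == "locked":
            return mac in self.dynamic   # no new learning
        return False                     # secured: static entries only

def demo():
    # Constructed sample MAC addresses.
    known, newcomer = "00:11:22:33:44:55", "66:77:88:99:AA:BB"
    results = {}
    for mode in ("locked", "secured"):
        p = Port()
        p.ingress(known)          # learned before the level is activated
        p.set_mode(mode)
        results[mode] = (p.ingress(known), p.ingress(newcomer))
    return results
```

`demo()` returns, per level, whether the previously learned node and a new node are forwarded: the learned node keeps forwarding under Locked but is cut off under Secured until its address is entered as a static address.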

MAC Address Maximum

In addition, you can set the maximum number of MAC addresses that can
be learned by a port as well as specific secure MAC addresses that can be
learned by a port.

Once the limit of MAC addresses is reached for the port specified, the
action taken by the software is determined by the setting of the
SWITCHPORT PORT-SECURITY VIOLATION command. There are 3
possible responses to a violation:

- Protect
- Restrict
- Shutdown

Setting the Maximum Number of MAC Addresses

To limit the number of MAC addresses that can be learned by a port, use
the SWITCHPORT PORT-SECURITY MAXIMUM command.

The syntax of this command is:

switchport port-security maximum <1-320>