Mac address port security guidelines – Allied Telesis AT-S63 User Manual

Page 714

background image

Chapter 30: MAC Address-based Port Security

714

Section VIII: Port Security

But with the Limited security mode you can specify an intrusion action.
Here are the options:

ˆ

Discard the invalid frame.

ˆ

Discard the invalid frame and send an SNMP trap. (SNMP must be
enabled on the switch for the trap to be sent.)

ˆ

Discard the invalid frame, send an SNMP trap, and disable the port.

MAC Address

Port Security

Guidelines

Following are several general guidelines to keep in mind when using this
type of port security:

ˆ

The filtering of a packet occurs on the ingress port, not on the egress
port.

ˆ

You cannot use MAC address port security and 802.1x port-based
access control on the same port. To configure a port as an
Authenticator or Supplicant in 802.1x port-based access control, you
must set its MAC address security level to Automatic, which is the
default setting.

ˆ

This type of port security is not supported on optional GBIC or SFP
modules.

ˆ

All of a port’s static MAC addresses are deleted when its security level
is changed from Locked to any of the other three security levels.