Port security overview, Automatic, Limited – Allied Telesis AT-S60 User Manual

Chapter 21: Port Security

Section V: Security Features

470

Port Security Overview

The port security feature can enhance the security of your network. You
can use the feature to control which end nodes can forward frames
through the switch.

Note

The port security feature cannot be used on a port that is configured
as a supplicant or an authenticator of the port-based network access
feature, described in 802.1x Port-based Access Network Control
Overview on page 550. When you configure a port as a supplicant or
an authenticator, the security level changes to PA (Port Access)
Controlled.

There are four levels of port security:

❑ Automatic

❑ Limited

❑ Secured

❑ Locked

You can set port security on a per port basis. Only one security level can
be active on a port at a time.

Automatic

The Automatic security mode disables port security on a port. This is the
default security level for a port. In this mode, a switch can learn up to
8192 dynamic MAC addresses.

A dynamic MAC address learned by a port operating with this security
level is deleted from the MAC address table if the end node becomes
inactive. This prevents the table from becoming full of MAC addresses of
inactive nodes. The length of time an inactive dynamic MAC address can
remain in the table is determined by the MAC aging time.

If you want to include a port in a MAC-Based VLAN, you must set the port
security setting to the Automatic security mode. For more information
about MAC-Based VLANs, see Chapter 19: Port Security on page 469.

Limited

The Limited security level allows you to specify the maximum number of
dynamic MAC addresses a port can learn. Once a port has learned its
maximum number of addresses, it discards all ingress frames with source
MAC addresses not already learned.