Mac address security guidelines – Allied Telesis AT-S63 User Manual


Chapter 23: Port Security


Section IV: Security

port after the port had reached its maximum number of dynamic
MAC addresses, or that was not assigned to the port as a static
address.

❑ Secured Security Level - An invalid frame for this security level is an ingress frame with a source MAC address that was not entered as a static address on the port.

❑ Locked - An invalid frame for this security level is an ingress frame with a source MAC address that the port has not already learned or that was not assigned as a static address.

Intrusion action defines what a port does when it receives an invalid
frame. For a port operating under either the Secured or Locked security
mode, the intrusion action is always the same. The port discards the
frame.

But with the Limited security mode you can specify an intrusion action.
Here are the options:

❑ Discard the invalid frame.

❑ Discard the invalid frame and send an SNMP trap. (SNMP must be enabled on the switch for the trap to be sent.)

❑ Discard the invalid frame, send an SNMP trap, and disable the port.
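The following Python model is an added illustration of the ingress decision described above, not code from the manual or from Allied Telesis. The `Port` class, `replay` helper and the MAC addresses are hypothetical, and the Limited-mode learning rule (learn new sources until the dynamic maximum is reached) is an assumption drawn from the partial sentence at the top of this page.

```python
# Added model of the ingress check; not Allied Telesis code.
from dataclasses import dataclass, field

@dataclass
class Port:                          # hypothetical name
    mode: str                        # "limited", "secured" or "locked"
    static: set = field(default_factory=set)
    learned: set = field(default_factory=set)    # dynamic addresses
    max_dynamic: int = 0             # Limited mode only
    action: str = "discard"          # Limited only: discard | trap | disable
    enabled: bool = True
    traps: list = field(default_factory=list)    # stands in for SNMP traps

    def ingress(self, mac: str) -> str:
        """Return 'forward', 'discard' or 'port-disabled' for one frame."""
        if not self.enabled:
            return "port-disabled"
        if mac in self.static:
            return "forward"
        if self.mode == "locked" and mac in self.learned:
            return "forward"
        if self.mode == "limited":
            if mac in self.learned:
                return "forward"
            if len(self.learned) < self.max_dynamic:
                self.learned.add(mac)    # assumption: still room to learn
                return "forward"
            return self._intrusion(mac)
        return "discard"             # Secured and Locked always discard

    def _intrusion(self, mac: str) -> str:
        if self.action in ("trap", "disable"):
            self.traps.append(mac)
        if self.action == "disable":
            self.enabled = False
        return "discard"

def replay(port: Port, macs: list) -> list:
    return [port.ingress(m) for m in macs]

# Constructed sample addresses (documentation range), not from the manual.
A, B, C, D = (f"00:00:5e:00:53:0{i}" for i in range(1, 5))

if __name__ == "__main__":
    limited = Port("limited", static={A}, max_dynamic=2, action="disable")
    print(replay(limited, [A, B, C, D, B]))
    print(replay(Port("secured", static={A}), [A, B]))
    print(replay(Port("locked", static={A}, learned={B}), [B, C, A]))
```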

MAC Address Security Guidelines

Following are several general guidelines to keep in mind when using this
type of port security:

❑ The filtering of a packet occurs on the ingress port, not on the egress port.

❑ MAC address security can be set from a local or Telnet management session, but not from a web browser management session.

❑ You cannot use MAC address security and port-based access control on the same port.
