Secured, Locked, Security violations and intrusion actions – Allied Telesis AT-S62 User Manual

Chapter 23: MAC Address Security

Section VI: Port Security

Secured

The Secured security level instructs a port to forward frames using only
static MAC addresses. The port will not learn any dynamic MAC addresses
and will delete any dynamic addresses that it has already learned. Only
those end nodes whose MAC addresses have been entered as static
addresses will be able to forward frames through the port.

Once you have activated this security level, you must enter the static
MAC addresses of the end nodes that will be allowed to forward frames
through the port.

Locked

The Locked security level causes a port to immediately stop learning
new dynamic MAC addresses. Frames are forwarded using the dynamic
MAC addresses that the port has already learned and any static MAC
addresses assigned to the port.

Dynamic MAC addresses learned by the port prior to the activation of
this security level never time out from the MAC address table, even
when the corresponding end nodes are inactive. However, the port will
not learn new dynamic addresses.

You can continue to add new static MAC addresses to a port operating
under this security level.

Note

For background information on MAC addresses and aging time,
refer to MAC Address Overview on page 110.

Security Violations and Intrusion Actions

When a port receives an invalid frame, it has to decide what action it will
take. This is referred to as the intrusion action.

Before defining the intrusion actions, it helps to understand first what
constitutes an invalid frame. This differs for each security level, as
explained here:

❑ Limited Security Level - An invalid frame for this security level is an
ingress frame with a source MAC address not already learned by a
port after the port had reached its maximum number of dynamic
MAC addresses, or that was not assigned to the port as a static
address.

❑ Secured Security Level - An invalid frame for this security level is
an ingress frame with a source MAC address that was not entered
as a static address on the port.

❑ Locked - An invalid frame for this security level is an ingress frame
with a source MAC address that the port has not already learned
or that was not assigned as a static address.
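
The three invalid-frame definitions above can be modelled as a per-port decision function. This is an added illustration in Python, not code from Allied Telesis or the AT-S62 firmware. The `Port` class, the `classify` helper, the constructed MAC addresses, and the choice to count an already-learned address toward the Limited maximum are assumptions of the model; address aging is not modelled.

```python
from dataclasses import dataclass, field

@dataclass
class Port:
    """Model of one switch port (hypothetical class, not the AT-S62 implementation)."""
    level: str                                  # "limited", "secured" or "locked"
    static: set = field(default_factory=set)    # static MAC addresses on the port
    dynamic: set = field(default_factory=set)   # learned before the level was activated
    max_dynamic: int = 0                        # Limited only: dynamic address maximum

    def __post_init__(self):
        if self.level not in ("limited", "secured", "locked"):
            raise ValueError(f"unknown security level: {self.level}")
        self.static = {m.lower() for m in self.static}
        # Secured deletes any dynamic addresses the port has already learned.
        self.dynamic = set() if self.level == "secured" else {m.lower() for m in self.dynamic}

    def ingress(self, src_mac: str) -> bool:
        """Return True for a valid frame, False for an invalid frame."""
        mac = src_mac.lower()
        if mac in self.static:
            return True                         # static addresses are valid at every level
        if self.level == "secured":
            return False                        # only static addresses may forward
        if mac in self.dynamic:
            return True                         # Limited and Locked keep learned addresses
        if self.level == "limited" and len(self.dynamic) < self.max_dynamic:
            self.dynamic.add(mac)               # still below the maximum: learn it
            return True
        return False                            # Locked never learns; Limited is full

# Constructed sample data (locally administered MAC addresses).
STATIC, LEARNED, NEW1, NEW2 = (f"02:00:00:00:00:{i:02x}" for i in range(1, 5))
FRAMES = [STATIC, LEARNED, NEW1, NEW2]

def classify(level: str) -> list:
    """Replay FRAMES through a fresh port at the given level."""
    # Assumption: LEARNED counts toward the Limited maximum of 2.
    port = Port(level, static={STATIC}, dynamic={LEARNED}, max_dynamic=2)
    return [port.ingress(mac) for mac in FRAMES]

if __name__ == "__main__":
    for level in ("limited", "secured", "locked"):
        print(level, classify(level))
```

Replaying the same four frames shows the difference between the levels: the previously learned address stays valid under Locked but becomes invalid under Secured, and only Limited accepts a new source address, until its maximum is reached.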