Port security overview, Automatic, Limited – Allied Telesis AT-S39 User Manual

AT-S39 User’s Guide

77

Port Security Overview

This feature can enhance the security of your network. You can use it to
control which end nodes can forward frames through the switch, and so
prevent unauthorized individuals from accessing your network or
particular parts of the network.

This type of network security uses a frame’s source MAC address to
determine whether the switch should forward a frame or discard it. The
source address is the MAC address of the end node that sent the frame.

There are four levels of port security. Only one security level can be
active on a switch at a time. The levels of port security are:

❑ Automatic

❑ Limited

❑ Secured

❑ Locked

Automatic

This operating mode disables port security. The switch learns and adds
addresses to its dynamic MAC address table as it receives frames on the
ports.

Note

The Automatic security mode is the default security level for the
switch.

Limited

You can use this security level to manually specify the maximum number
of dynamic MAC addresses each port on the switch can learn. Once a
port has learned its maximum limit, it discards ingress frames with
source MAC addresses not already stored in the MAC address table.

When you activate this mode, the switch deletes all MAC addresses in
the dynamic MAC address table and immediately begins learning new
addresses as frames are received on the ports, up to the allowed limit for
each port.

The MAC aging time is disabled under this security level. Once a dynamic
MAC address has been learned on a port and added to the MAC address
table, it remains in the table and is never purged, even when the end
node is inactive.