Secure, Lock all ports, Guidelines – Allied Telesis AT-S39 User Manual
Page 78: Secure lock all ports guidelines
Section II: Local and Telnet Management
Static MAC addresses are retained by the switch and are not included in
the count of maximum addresses that can be learned by a port. You can
continue to add static MAC addresses to a port even after a port has
learned its maximum number of dynamic MAC addresses.
Secure
This security level instructs the switch to forward frames based solely on
static MAC addresses. When this security level is activated, the switch
deletes all dynamic MAC addresses and disables the MAC address table
so that no new addresses can be learned.
The switch also deletes any addresses in the static MAC address table.
Once you have activated this security level, you must enter the static
MAC addresses of the nodes whose frames the switch should forward.
The switch will forward frames only from those nodes whose MAC
addresses you enter in the static MAC address table. Any node whose
MAC address is not in the static MAC address table will not be able to
send frames through the switch.
Lock All Ports
This security level causes the switch to immediately stop learning new
dynamic MAC addresses. The switch forwards frames based on the
dynamic MAC addresses it has already learned and any static MAC
addresses the network administrator has entered.
The MAC aging time is disabled in this security level; no dynamic MAC
addresses are deleted from the MAC address table, even those
belonging to inactive end nodes.
Note
For background information on MAC addresses and aging time,
refer to MAC Address Overview on page 162.
Guidelines
Here are a few general guidelines to keep in mind when using this type
of port security:
❑ The filtering of a packet occurs on the ingress port, not on the
egress port.
❑ You cannot use MAC address security and 802.1x port-based
access control on a switch port at the same time.
❑ Port security is set at the switch level. You cannot set this on a
per-port basis.
❑ Only one security level can be active on a switch at a time.
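The following added example, which is not part of the AT-S39 manual or its firmware, models how the Secure and Lock All Ports levels treat frames at the ingress port. The level name "normal", the class and method names, and the rule that a source MAC must match the port it arrives on are assumptions made for illustration; the MAC addresses are constructed.

```python
# Added illustration: a toy model, not Allied Telesis firmware or AT-S39 code.
# Assumed: level name "normal", all method names, per-port source MAC matching.
class SwitchModel:
    def __init__(self):
        self.level = "normal"   # hypothetical name for ordinary learning
        self.dynamic = {}       # learned entries: MAC -> port
        self.static = {}        # administrator entries: MAC -> port

    def add_static(self, mac, port):
        self.static[mac.lower()] = port

    def set_level(self, level):  # switch-wide: a new level replaces the old one
        if level not in ("normal", "lock_all_ports", "secure"):
            raise ValueError(f"unknown security level: {level}")
        if level == "secure":    # Secure deletes dynamic AND static entries
            self.dynamic.clear()
            self.static.clear()
        self.level = level

    def age_out(self, mac):      # aging-timer expiry; True if entry was deleted
        if self.level == "lock_all_ports":
            return False         # aging is disabled, inactive nodes stay listed
        return self.dynamic.pop(mac.lower(), None) is not None

    def ingress(self, port, src_mac):  # filtering decision on the ingress port
        src = src_mac.lower()
        if self.level == "normal":
            self.dynamic[src] = port   # learning still enabled
            return "forward"
        allowed = dict(self.static)    # Secure: static entries only
        if self.level == "lock_all_ports":
            allowed = {**self.dynamic, **self.static}  # frozen table + static
        return "forward" if allowed.get(src) == port else "drop"

def run_demo():
    # Constructed addresses from the 00:00:5E:00:53:xx documentation range.
    printer, laptop, unknown = ("00:00:5E:00:53:%02X" % n for n in (1, 2, 0x99))
    sw, out = SwitchModel(), []
    sw.add_static(printer, 1)
    sw.ingress(2, laptop)                   # learned while in "normal"
    sw.set_level("lock_all_ports")
    out += [sw.ingress(2, laptop), sw.ingress(3, unknown), sw.age_out(laptop)]
    sw.set_level("secure")                  # wipes both tables
    out.append(sw.ingress(1, printer))      # static entry is gone: drop
    sw.add_static(printer, 1)               # must be re-entered after activation
    out += [sw.ingress(1, printer), sw.ingress(2, laptop)]
    return out
```

The fourth result is the operational point: a node that was reachable through a static entry is cut off the moment Secure is activated, until its address is entered again.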