Secure, Group 3 group 4, L /a d/c – Allied Telesis AT-S25 User Manual

Section II: Local and Telnet Mangement

70

The AT-8316F/SC switch also has four groups, as shown in Figure 21.

Figure 21 Port Groups on an AT-8316F/SC Switch

Here is an example of Limited port security. Let’s assume you are
configuring Limited port security on an AT-8324 switch and you
specified that Group 1 on the switch could learn up to 50 dynamic MAC
addresses. This means that Ports 1 to 8 on the switch could learn a group
total of 50 dynamic MAC addresses. Once 50 dynamic addresses are
learned, the ports in the group will not learn any more and will discard
packets with new source addresses.

It should be noted that in some circumstances some ports in a group
might not learn any MAC addresses at all. For instance, referring again to
our example, if Ports 1 to 6 in Group 1 were to learn a total of 50
addresses before Ports 7 and 8 had received any packets, the latter ports
would not be allowed to learn any addresses, even when they receive
packets, because the group total has already been reached. This needs
to be taken into account when using Limited port security.

Limited port security also applies to optional uplink ports. If the optional
expansion card contains only one uplink port, then the group maximum
applies to the one port. If the expansion card contains multiple uplink
ports, then the maximum total of MAC addresses applies to all the ports
on the card.

Secure

This security level instructs the stack to forward frames based only on
static MAC addresses. When this security level is activated, the stack
deletes all dynamic MAC addresses and disables the MAC Address Tables
in the switches in the stack so that no addresses can be learned.

The stack also deletes all static MAC addresses from the MAC Address
Tables. After activating this security level, you must enter the static MAC
addresses of the nodes whose frames the stack should forward. The
stack will forward frames only from those nodes whose MAC addresses
you enter in as static MAC addresses. Frames from nodes whose MAC
addresses are not entered as static addresses will be discarded.

Group 1

Ports 1 to 8

Group 2

Ports 9 to 16

LINK /

ACTIVITY

FULL DUP /

L /A

D/C

HALF DUP

COL

100BASE-FX FAST ETHERNET SWITCH

A

B

100BASE-FX

STATUS

RESET

FAULT

RPS

PWR

RS-232

TERMINAL PORT

PORT ACTIVITY

L /A

D/C

L /A

D/C

L /A

D/C

L /A

D/C

L /A

D/C

L /A

D/C

L /A

D/C

L /A

D/C

L /A

D/C

L /A

D/C

L /A

D/C

L /A

D/C

L /A

D/C

L /A

D/C

L /A

D/C

L /A

D/C

8

7

6

5

4

3

2

1

RX

TX

RX

TX

RX

TX

RX

TX

RX

TX

RX

TX

RX

TX

RX

TX

16

15

14

13

12

11

10

9

RX

TX

RX

TX

RX

TX

RX

TX

RX

TX

RX

TX

RX

TX

RX

TX

Group 3

Group 4