Port security overview, Automatic, Limited – Allied Telesis AT-S60 User Manual

Chapter 7: Port Security

Section II: Local and Telnet Management

102

Port Security Overview

The port security feature can enhance the security of your network. You
can use the feature to control which end nodes can forward frames
through the switch.

Note

The port security feature cannot be used on a port that is configured
as a supplicant or an authenticator of the port-based network access
feature, described in 802.1x Port-Based Network Access Control
on page 406. When you configure a port as a supplicant or an
authenticator, the security level changes to PA (Port Access)
Controlled.

There are four levels of port security:

❑ Automatic

❑ Limited

❑ Secured

❑ Locked

You can set port security on a per port basis. Only one security level can
be active on a port at a time.

Automatic

The Automatic security mode disables port security on a port. This is the
default security level for a port. In this mode, a switch can learn up to
8192 dynamic MAC addresses.

A dynamic MAC address learned by a port operating with this security
level is deleted from the MAC address table if the end node becomes
inactive. This prevents the table from becoming full of MAC addresses of
inactive nodes. The length of time an inactive dynamic MAC address can
remain in the table is determined by the MAC aging time.

Limited

The Limited security level allows you to specify the maximum number of
dynamic MAC addresses a port can learn. Once a port has learned its
maximum number of addresses, it discards all ingress frames with source
MAC addresses not already learned.

When the Limited security mode is activated on a port, all dynamic MAC
addresses learned by the port are deleted from the MAC address table.
The port then begins to learn new addresses, up to the maximum
allowed.