Port security overview – Allied Telesis AT-S25 User Manual

AT-S25 Management Software User’s Guide

Port Security Overview

The port security feature can enhance the security of your network. You
can use the feature to control the number of MAC addresses learned
on the ports, and so control the number of network devices that can
forward frames through the switch.

There are four levels of port security. Only one security level can be
active on a switch at a time.

A - Automatic
This operating mode disables port security. The switch learns and adds
addresses to its dynamic MAC Address Table as it receives frames on the
ports. The switch continues to learn MAC addresses so long as there is
space in the MAC Address Table and deletes inactive MAC addresses.

Note
The Automatic security mode is the default security level for the
switch.

L - Limited
You can use this security level to manually specify the maximum number
of dynamic MAC addresses that each port on the switch can learn. Once a
port has learned its maximum limit, it discards ingress frames whose
source MAC addresses are not already stored in the MAC Address
Table.

Once this mode is activated, the switch deletes all MAC addresses in the
dynamic MAC Address Table and immediately begins learning new
addresses, adding them to the dynamic MAC Address Table for each
port until it reaches the port’s maximum limit.

The MAC address aging time is disabled under this security level. Once a
dynamic MAC address has been learned on a port and added to the MAC
Address Table, it remains in the table and is never purged, even when
the end node is inactive.

Note
Static MAC addresses are retained by the switch and are not
included in the count of maximum addresses that can be learned by
a port. You can continue to add static MAC addresses to a port
even if the port has already learned its maximum number of
dynamic MAC addresses.
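
The following Python model illustrates the Limited security level as described above. It is an added example, not code from the AT-S25 software; the class, method names and MAC addresses are constructed for illustration.

```python
# Simplified model of the Limited security level (names are hypothetical,
# not AT-S25 firmware or management-interface identifiers).

class LimitedPort:
    def __init__(self, max_dynamic, static_macs=()):
        self.max_dynamic = max_dynamic
        # Static entries are retained and never counted against the limit.
        self.static = {m.lower() for m in static_macs}
        self.dynamic = set()

    def activate(self):
        # Activating Limited mode deletes all dynamic entries; learning restarts.
        self.dynamic.clear()

    def add_static(self, mac):
        # Allowed even when the port has already learned its maximum.
        self.static.add(mac.lower())

    def ingress(self, src_mac):
        """Return 'accept' or 'discard' for a frame with this source MAC."""
        mac = src_mac.lower()
        if mac in self.static or mac in self.dynamic:
            return "accept"
        if len(self.dynamic) < self.max_dynamic:
            # Aging is disabled in this mode: a learned entry is never purged.
            self.dynamic.add(mac)
            return "accept"
        return "discard"


def replay(port, frames):
    """Feed source MACs through the port; return (verdicts, discarded MACs)."""
    verdicts = [(mac, port.ingress(mac)) for mac in frames]
    discarded = sorted({m for m, v in verdicts if v == "discard"})
    return verdicts, discarded


# Constructed sample traffic for one port (not captured from a real switch).
FRAMES = ["02:00:00:00:00:01", "02:00:00:00:00:02", "02:00:00:00:00:03",
          "02:00:00:00:00:AA", "02:00:00:00:00:01", "02:00:00:00:00:03"]

if __name__ == "__main__":
    port = LimitedPort(max_dynamic=2, static_macs=["02:00:00:00:00:AA"])
    port.activate()
    verdicts, discarded = replay(port, FRAMES)
    for mac, verdict in verdicts:
        print(f"{mac}  {verdict}")
    print("discarded sources:", discarded)
```

With a limit of two, the first two source addresses seen after activation hold the port's dynamic entries, so the third is discarded every time it appears, while the static address is accepted without using one of those entries.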