Port security overview – Allied Telesis AT-S39 User Manual
Port Security Overview
The port security feature can enhance the security of your network. You
can use the feature to control the number of MAC addresses learned on
the ports, and so control the number of network devices that can
forward frames through the switch.
There are four levels of port security. Only one security level can be
active on a switch at a time.
Automatic
This operating mode disables port security. The switch learns and adds
addresses to its dynamic MAC address table as it receives frames on the
ports. The switch continues to learn MAC addresses so long as there is
space in the MAC address table and deletes inactive MAC addresses.
Note
The Automatic security mode is the default security level for the
switch.
Limited
You can use this security level to manually specify a maximum number
of dynamic MAC addresses each port on the switch can learn. Once a
port has learned its maximum limit of MAC addresses, it discards frames
that ingress the port with source MAC addresses not already stored in
the MAC address table.
Once this mode is activated, the switch deletes all MAC addresses in the
dynamic MAC address table and immediately begins learning new
addresses, adding them to the dynamic MAC address table for each port
until it reaches the port’s maximum limit.
The MAC aging time is disabled under this security level. Once a dynamic
MAC address has been learned on a port and added to the MAC address
table, it remains in the table and is never purged, even when the end
node is inactive.
Note
Static MAC addresses are retained by the switch and are not
included in the count of maximum addresses that can be learned by
a port. You can continue to add static MAC addresses to a port even
if the port has already learned its maximum number of dynamic
MAC addresses.
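The following Python model is an added example, not part of the Allied Telesis manual or the AT-S39 software. It simulates the Automatic and Limited behavior described above: the flush of dynamic addresses on activation, the per-port limit, the absence of aging, and static addresses not counting toward the limit. The class and method names, the 300-second aging time, the sample MAC addresses, and the handling of a port with no configured limit are assumptions.

```python
# Added illustration of the Automatic and Limited modes described above.
# Names are assumptions for this sketch, not AT-S39 firmware or CLI syntax.
class Switch:
    def __init__(self, aging_time=300):
        self.mode = "automatic"
        self.aging_time = aging_time  # seconds; applies in Automatic mode only
        self.limits = {}              # port -> max dynamic MACs
        self.dynamic = {}             # mac -> (port, last_seen)
        self.static = {}              # mac -> port

    def add_static(self, mac, port):
        # Static entries survive mode changes and never count toward a limit.
        self.static[mac] = port

    def set_limited(self, limits):
        # Activation deletes every dynamic entry; learning starts over.
        self.mode, self.limits = "limited", dict(limits)
        self.dynamic.clear()

    def ingress(self, port, src_mac, now):
        """Return 'forward' or 'discard' for a frame received on port."""
        if self.mode == "automatic":
            # Purge inactive entries, then learn or refresh the source.
            self.dynamic = {m: (p, t) for m, (p, t) in self.dynamic.items()
                            if now - t <= self.aging_time}
            self.dynamic[src_mac] = (port, now)
            return "forward"
        if src_mac in self.static or src_mac in self.dynamic:
            return "forward"          # already stored; no aging in Limited mode
        learned = sum(1 for p, _ in self.dynamic.values() if p == port)
        # Assumption: a port with no configured limit learns nothing.
        if learned < self.limits.get(port, 0):
            self.dynamic[src_mac] = (port, now)
            return "forward"
        return "discard"              # port is at its maximum

def demo():
    # Constructed MAC addresses and timestamps.
    sw = Switch()
    sw.add_static("00:00:5e:00:53:0a", 1)
    sw.ingress(1, "00:00:5e:00:53:0b", now=0)   # learned in Automatic mode
    sw.set_limited({1: 2})                      # flushes ...:0b
    frames = [("00:00:5e:00:53:0c", 10), ("00:00:5e:00:53:0d", 20),
              ("00:00:5e:00:53:0b", 30), ("00:00:5e:00:53:0a", 40),
              ("00:00:5e:00:53:0c", 10**9)]
    results = [sw.ingress(1, mac, t) for mac, t in frames]
    sw.add_static("00:00:5e:00:53:0e", 1)       # allowed even at the limit
    results.append(sw.ingress(1, "00:00:5e:00:53:0e", 10**9 + 1))
    return results
```

In the model, the address learned before activation is discarded afterward because the flush removed it and two other devices filled the port's limit first, which is why the order in which devices transmit after enabling Limited mode matters.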