Port security, Dynamic secure mac address (mac id), Static secure mac address (mac id) – Rockwell Automation Ethernet Design Considerations Reference Manual User Manual

56

Rockwell Automation Publication ENET-RM002C-EN-P - May 2013

Chapter 3

Ethernet Infrastructure Features

Port Security

The switch has dynamic and static methods for limiting the MAC addresses
(MAC IDs) that can access a given port.

Dynamic Secure MAC Address (MAC ID)

With Stratix 8000 and Stratix 8300 switches, the Smartport roles have a
maximum number of MAC IDs that can use that port. For example, the
Smartport role ‘Automation Device’ sets up the port for a maximum of one MAC
ID. The MAC ID is dynamic, meaning the switch learns the first source MAC
ID to use the port. Attempts by any other MAC ID to access the port is denied. If
the link becomes inactive, the switch dynamically relearns the MAC ID to be
secured.

Static Secure MAC Address (MAC ID)

With Stratix 6000, Stratix 8000, and Stratix 8300 switches, the other method of
limiting MAC IDs is to statically configure a single MAC ID for a port. MAC
IDs that communicate on a given switch port become part of the saved
configuration of the switch. This method provides strong security but requires
reconfiguration whenever the device connected to the port is replaced, because
the new device has a different MAC ID from the old device.

When you use the Studio 5000 environment to configure a Stratix 8000 and
Stratix 8300 switches, you can use the static secure method. However, this
method is not available with the Device Manager Web interface. For a
Stratix 6000 switch the port security options are configured via the web browser
or Logix5000 controller.

Smartport Role

Number of MAC IDs, max

Automation Device

1

Automation Device with QoS

1

Desktop for Automation

1

Switch for Automation

Not restricted

Router

Not restricted

I/P Phone + Desktop

3

Access Point

Not restricted

Port Mirroring

Not restricted

None

Not restricted