Port Security
Port Security Overview
This chapter shows you how to set up port security.
About Port Security
Port security allows only packets with dynamically learned MAC addresses and/or configured static MAC addresses to pass through a port on the Switch.
For maximum port security, enable this feature, disable MAC address learning and configure static MAC addresses for a port. It is not recommended you disable port security together with MAC address learning as this will result in many broadcasts. By default, MAC address learning is still enabled even though the port security is not activated.
Port Security Setup
Click SECURITY > Port Security > Port Security in the navigation panel to display the screen as shown.
SECURITY > Port Security > Port Security (Standalone Mode)
The following table describes the labels in this screen.
label | description |
|---|---|
MAC Freeze | |
Port List | Enter the number of the ports (separated by a comma) on which you want to enable port security and disable MAC address learning. After you click MAC Freeze, all previously learned MAC addresses on the specified ports will become static MAC addresses and display in the SWITCHING > Static MAC Forwarding > Static MAC Forwarding screen. |
MAC Freeze | Click MAC Freeze to have the Switch automatically select the Active checkboxes and clear the Address Learning checkboxes only for the ports specified in the Port List. |
Port Security | |
Active | Enable the switch button to enable port security on the Switch. |
Port | This field displays the port number. |
* | Settings in this row apply to all ports. Use this row only if you want to make some of the settings the same for all ports. Use this row first to set the common settings and then make adjustments on a port-by-port basis.  Changes in this row are copied to all the ports as soon as you make them. |
Active | Select this checkbox to enable the port security feature on this port. The Switch forwards packets whose MAC addresses is in the MAC address table on this port. Packets with no matching MAC addresses are dropped. Clear this checkbox to disable the port security feature. The Switch forwards all packets on this port. |
Address Learning | MAC address learning reduces outgoing broadcast traffic. For MAC address learning to occur on a port, the port itself must be active with address learning enabled. |
Limited Number of Learned MAC Address | Use this field to limit the number of (dynamic) MAC addresses that may be learned on a port. For example, if you set this field to "5" on port 2, then only the devices with these five learned MAC addresses may access port 2 at any one time. A sixth device must wait until one of the five learned MAC addresses ages out. MAC address aging out time can be set in the SYSTEM > Switch Setup screen. The valid range is from “0” to “32K”. “0” means this feature is disabled. |
Apply | Click Apply to save your changes to the Switch’s run-time memory. The Switch loses these changes if it is turned off or loses power, so use the Save link on the top navigation panel to save your changes to the non-volatile memory when you are done configuring. |
Cancel | Click Cancel to begin configuring this screen afresh. |