Configuring Port Security at the Access Layer

By default, the switch allows all MAC addresses to access the network. For network security purposes, the switch relies on mechanisms such as file server operating systems and applications. Port security allows a network administrator to configure a set of allowed devices or MAC addresses to provide additional security. If port security is enabled, only the MAC addresses that are explicitly allowed can use the port. A MAC address can be allowed as follows:

• Static assignment of the MAC address—The network administrator can code the MAC address when port security is assigned. This method is the more secure of the two options; however, it is difficult to manage.

• Dynamic learning of the MAC address—If the MAC address is not specified, the port turns on learning for security. The first MAC address seen on the port becomes the secure MAC address.

0 0

Post a comment