360
Configuration guidelines
When you configure port security, follow these restrictions and guidelines:
•
Before you enable port security, disable 802.1X and MAC authentication globally.
•
Only one port security mode can be configured on a port.
•
The outbound restriction feature is not supported in this release.
Recommended configuration procedure
To configure basic port security mode:
Step Remarks
1.
Configuring global settings for
port security
Required.
This function enables port security globally and configures intrusion
protection actions.
By default, port security is disabled globally.
2.
Configuring basic port security
control
Required.
This function configures the basic port security mode, maximum
secure MAC addresses, intrusion protection, and outbound restriction
for a port.
By default, port security is disabled on all ports, and access to the
ports is not restricted.
3.
Configuring secure MAC
addresses
Optional.
Secure MAC addresses never age out or get lost if saved before the
device restarts. One secure MAC address can be added to only one
port in the same VLAN. You can bind a MAC address to one port in the
same VLAN.
Secure MAC addresses can be learned by a port in basic port security
mode or manually configured in the Web interface.
When the maximum number of secure MAC addresses is reached, no
more can be added. The port allows only packets sourced from a
secure MAC address to pass through.
By default, no secure MAC addresses are configured.
To configure advanced port security mode:
Step Remarks
1.
Configuring global settings for
port security
Required.
This function enables port security globally and configures intrusion
protection actions.
By default, port security is disabled globally.
2.
Configuring advanced port
security control
Required.
This function configures the advanced port security mode, intrusion
protection action, or outbound restriction, and selects whether to
ignore the authorization information from the RADIUS server.
By default, port security is disabled on all ports, and access to the
ports is not restricted.
3.
Optional.
This setting is available only for the 802.1X MAC Based Or OUI
Summary of Contents for FlexNetwork NJ5000
Page 12: ...x Index 440 ...
Page 39: ...27 Figure 16 Configuration complete ...
Page 67: ...55 Figure 47 Displaying the speed settings of ports ...
Page 78: ...66 Figure 59 Loopback test result ...
Page 158: ...146 Figure 156 Creating a static MAC address entry ...
Page 183: ...171 Figure 171 Configuring MSTP globally on Switch D ...
Page 243: ...231 Figure 237 IPv6 active route table ...