173
Configuring port security
Overview
Port security combines and extends 802.1X and MAC authentication to provide MAC-based network
access control. This feature applies to networks, such as a WLAN, that require different authentication
methods for different users on a port.
Port security provides the following functions:
•
Prevents unauthorized access to a network by checking the source MAC address of inbound traffic.
•
Prevents access to unauthorized devices or hosts by checking the destination MAC address of
outbound traffic.
•
Controls MAC address learning and authentication on a port to make sure the port learns only
source trusted MAC addresses.
A frame is illegal if its source MAC address cannot be learned in a port security mode or it is from a client
that has failed 802.1X or MAC authentication. The port security feature automatically takes a predefined
action on illegal frames. This automatic mechanism enhances network security and reduces human
intervention.
NOTE:
For scenarios that require only 802.1X authentication or MAC authentication, HP recommends you use
the 802.1X authentication or MAC authentication feature rather than port security. For more information
about 802.1X and MAC authentication, see "
."
Port security features
NTK
The need to know (NTK) feature prevents traffic interception by checking the destination MAC address in
the outbound frames. The feature ensures that frames are sent only to the following hosts:
•
Hosts that have passed authentication.
•
Hosts whose MAC addresses have been learned or configured on the access device.
Intrusion protection
The intrusion protection feature checks the source MAC address in inbound frames for illegal frames, and
takes a predefined action on each detected illegal frame. The action can be disabling the port
temporarily, disabling the port permanently, or blocking frames from the illegal MAC address for 3
minutes (not user configurable).
Port security modes
Port security supports the following categories of security modes: