User's Guide

Port and System Security 681
19
Port and System Security
Dell EMC Networking N-Series Switches
This chapter describes how to configure port-based and system security
features, which control access to the network through the switch ports, and
the denial of service (DoS) feature.
The topics covered in this chapter include:
• Port Security
• Denial of Service
Port Security
Port Security is enabled on a per-port basis. When Port Security is enabled
on a port, only packets with allowable source MAC addresses are forwarded.
All other packets are discarded. The number of source MAC addresses that
can be learned on a port is limited to a configurable value.
The Port Security feature allows the administrator to limit the number of
source MAC addresses that can be learned on a port. If a port reaches the
configured limit, any additional addresses beyond that limit are not learned,
and the frames received from unlearned stations are discarded. Frames with a
source MAC address that has already been learned will be forwarded.
The purpose of this feature, which is also known as Port-MAC locking, is to
help secure the network by preventing unknown devices from forwarding
packets into the network. For example, to ensure that only a single device can
be active on a port, set the number of allowable dynamic addresses to one.
After the MAC address of the first device is learned, no other devices will be
allowed to forward frames into the network.
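The learning and discard behavior described above can be modeled in software. The following is an added illustration, not Dell EMC code or switch firmware; the class, port names, and MAC addresses are constructed, and the model covers only the dynamic address limit described in this section.

```python
# Added illustration: a software model of Port-MAC locking, not switch firmware.
from collections import defaultdict


class PortSecurity:
    """Per-port source-MAC learning with a configurable dynamic limit."""

    def __init__(self, default_limit=1):
        self.default_limit = default_limit
        self.limits = {}                     # port -> max learnable MACs
        self.learned = defaultdict(list)     # port -> MACs in learn order
        self.discards = defaultdict(lambda: defaultdict(int))  # port -> MAC -> count

    def set_limit(self, port, limit):
        self.limits[port] = limit

    def receive(self, port, src_mac):
        """Return 'forward' or 'discard' for a frame arriving on port."""
        mac = src_mac.lower().replace("-", ":")   # normalise notation
        table = self.learned[port]
        if mac in table:
            return "forward"                 # already learned
        if len(table) < self.limits.get(port, self.default_limit):
            table.append(mac)                # room left: learn, then forward
            return "forward"
        self.discards[port][mac] += 1        # limit reached: not learned
        return "discard"

    def violations(self):
        """Ports that dropped frames, with the unlearned MACs seen on each."""
        return {p: dict(m) for p, m in self.discards.items()}


def run_sample():
    # Constructed frames (port, source MAC); port names and MACs are made up.
    frames = [
        ("Gi1/0/1", "00:11:22:33:44:55"),   # first device: learned
        ("Gi1/0/1", "00:11:22:33:44:55"),   # same device: forwarded
        ("Gi1/0/1", "DE:AD:BE:EF:00:01"),   # second device on a 1-MAC port
        ("Gi1/0/2", "00:AA:BB:CC:DD:01"),
        ("Gi1/0/2", "00:AA:BB:CC:DD:02"),   # allowed, limit is 2 here
        ("Gi1/0/2", "00:AA:BB:CC:DD:03"),   # third device: over the limit
        ("Gi1/0/1", "00-11-22-33-44-55"),   # learned MAC, different notation
    ]
    sw = PortSecurity(default_limit=1)
    sw.set_limit("Gi1/0/2", 2)
    return [sw.receive(p, m) for p, m in frames], sw.violations()


if __name__ == "__main__":
    print(run_sample())
```

The per-port discard record returned by violations() is the kind of data an administrator would review to see which ports received frames from unlearned stations.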
NOTE: Port-based security can also be accomplished by using Access Control
Lists (ACLs). For information about configuring ACLs, see "Access Control Lists"
on page 689.