3Com Switch 7750 Configuration Guide Guide
24
PORT SECURITY CONFIGURATION
Port Security
Overview
Introduction Port security is a security mechanism for network access control. It is an expansion
to the current 802.1x and MAC address authentication.
Port security defines various security modes that allow devices to learn legal source
MAC addresses, in order for you to implement different network security
management as needed. With port security, packets whose source MAC addresses
cannot be learned by your switch in a security mode are considered illegal packets,
and 802.1x authentication failure events are considered illegal events.
Upon detecting an illegal packet or illegal event, the system triggers the
corresponding port security features and takes pre-defined actions automatically.
This reduces your maintenance workload and greatly enhances system security
and manageability.
Port Security Features The following port security features are provided:
1 NTK (need to know): By checking the destination MAC addresses in outbound
data frames on a port, NTK ensures that only successfully authenticated devices
can obtain data frames from the port, thus preventing illegal devices from
intercepting network data.
2 Intrusion protection: By checking the source MAC addresses in inbound data
frames or the username and password in 802.1x authentication requests on a
port, intrusion protection detects illegal packets (packets with illegal MAC address)
or events and takes a pre-set action accordingly. The actions you can set include:
disconnecting the port temporarily/permanently, and blocking packets with invalid
MAC addresses.
3 Device tracking: When special data packets (generated from illegal intrusion,
abnormal login/logout or other special activities) are passing through a switch
port, device tracking enables the switch to send Trap messages to help the
network administrator monitor special activities.
Port Security Modes Table 122 describes the available port security modes: