User manual

ManualsBrandsLG ManualsNetworkingES-2026

181

182

183

184

185

186

187

188

189

190

HAPTER

| Security Measures

Configuring Port Security

– 187 –

ES-2000 Series

CONFIGURING PORT SECURITY

Use the Security > Port Security page to configure the maximum number

of device MAC addresses that can be learned by a switch port, stored in the

address table, and authorized to access the network.

When port security is enabled on a port, the switch stops learning new MAC

addresses on the specified port when it has reached a configured maximum

number. Only incoming traffic with source addresses already stored in the

address table will be authorized to access the network through that port. If

a device with an unauthorized MAC address attempts to use the switch

port, the intrusion will be detected and the switch can automatically take

action by disabling the port and sending a trap message.

COMMAND USAGE

◆ The default maximum number of MAC addresses allowed on a secure

port is zero (that is, disabled). To use port security, you must configure

the maximum number of addresses allowed on a port.

◆ To configure the maximum number of address entries which can be

learned on a port, first disable port security on a port, and then specify

the maximum number of dynamic addresses allowed. The switch will

learn up to the maximum number of allowed address pairs <source

MAC address, VLAN> for frames received on the port. When the port

has reached the maximum number of MAC addresses, the port will stop

learning new addresses. The MAC addresses already in the address

table will be retained and will not be aged out.

Note that you can manually add additional secure addresses to a port

using the Static Address Table (page 101).

◆ If port security is enabled, and the maximum number of allowed

addresses are set to a non-zero value, any device not in the address

table that attempts to use the port will be prevented from accessing the

switch.

◆ If a port is disabled (shut down) due to a security violation, it must be

manually re-enabled from the Interface > Port > General page

(page 65).

◆ A secure port has the following restrictions:

■

It cannot be used as a member of a static or dynamic trunk.

■

It should not be connected to a network interconnection device.

PARAMETERS

These parameters are displayed:

◆ Port – Port number.

◆ Action – Indicates the action to be taken when a port security violation

is detected: