l2portsec
Configuring Port Security
To configure secure ports, create MAC address objects for the trusted MAC addresses and bind them to specific ports. Frames whose source addresses are not contained in the table will be dropped.
Note A secure port is meant to receive untagged frames. If a frame has a tag, even when its Security Association (SA) is trusted, it will be discarded. A LACP Port or VLAN trunk port cannot also be a Secure Port at the same time.
Each port can be configured to enable or disable the Discard Tagged option. When it is enabled, all frames with a LLDP 802.1AB tag will be discarded. This prevents a non-trunk port from connecting to a trunk port.
Adding MAC Addresses to an Interface
You must use an address object to bind MAC address(es) to an interface. You can create an address object from within this procedure, or use an existing one. For more information about address objects, see “Network > Address Objects” section .
To add MAC addresses to an interface, perform the following steps:
Step 1 On the Switching > Port Security page, click the Add button at the bottom of the page. The Add Static MAC Address window opens.
Step 2 Select the desired interface from the Port drop-down list.
Step 3 If the address object that contains the desired MAC addresses already exists, select it from the MAC Address drop-down list. To create an address object, select Create new address object from the drop-down list. TheAdd Address Object window opens.
Note Turn off the pop-up blocker in your browser before selecting Create new address object .
Step 4 Type a descriptive name for the address object into the Name field.
Step 5 Select the zone from the Zone Assignment drop-down list.
Step 6 The Type is set to MAC and cannot be changed.
Step 7 If the device with this MAC address can have multiple IP addresses, select the Multi-homed host checkbox. Otherwise, clear this checkbox.
Step 8 Click OK in the Add Address Object window.
Step 9 The new address object appears in the MAC Address field of the Add Static MAC Address window. Click OK . Editing MAC Address Objects
To edit a MAC address object for a secure port, perform the following steps:
Step 1 Click the Configure icon in the row for the MAC address object you want to edit. The Edit Static MAC Address window opens.
Step 2 Select a different address object or select Create new address object from the MAC Address drop-down list.
Step 3 When finished, click OK . Deleting MAC Address Objects
To delete one or more MAC address objects, perform the following steps:
Step 1 To delete a single MAC address object, click the Delete icon in the row for the MAC address object you want to delete.
Step 2 To delete multiple MAC address objects, select the checkboxes next to the MAC address objects you want to delete and then click the Delete Selected button at the bottom of the page.
Step 3 Click OK in the confirmation dialog box.