Support User Manuals

Accton Technology ES4548C Switch User Manual

Open as PDF

of 426

User Authentication

3-41

3

CLI – This example enables SSH, sets the authentication parameters, and displays

the current configuration. It shows that the administrator has made a connection via

SHH, and then disables this connection.

Configuring Port Security

Port security is a feature that allows you to configure a switch port with one or more

device MAC addresses that are authorized to access the network through that port.

When port security is enabled on a port, the switch stops learning new MAC

addresses on the specified port when it has reached a configured maximum

number. Only incoming traffic with source addresses already stored in the dynamic

or static address table will be accepted as authorized to access the network through

that port. If a device with an unauthorized MAC address attempts to use the switch

port, the intrusion will be detected and the switch can automatically take action by

disabling the port and sending a trap message.

To use port security, specify a maximum number of addresses to allow on the port

and then let the switch dynamically learn the <source MAC address, VLAN> pair for

frames received on the port. Note that you can also manually add secure addresses

to the port using the Static Address Table (page 3-88). When the port has reached

the maximum number of MAC addresses the selected port will stop learning. The

MAC addresses already in the address table will be retained and will not age out.

Any other device that attempts to use the port will be prevented from accessing the

switch.

Command Usage

• A secure port has the following restrictions:

- It cannot use port monitoring.

- It cannot be a multi-VLAN port.

- It cannot be used as a member of a static or dynamic trunk.

- It should not be connected to a network interconnection device.

• The default maximum number of MAC addresses allowed on a secure port is zero.

You must configure a maximum address count from 1 - 20 for the port to allow

access.

Console(config)#ip ssh server 4-36

Console(config)#ip ssh timeout 100 4-37

Console(config)#ip ssh authentication-retries 5 4-37

Console(config)#ip ssh server-key size 512 4-38

Console(config)#end

Console#show ip ssh 4-40

SSH Enabled - version 2.0

Negotiation timeout: 120 secs; Authentication retries: 3

Server key size: 768 bits

Console#show ssh 4-41

Information of secure shell

Session Username Version Encrypt method Negotiation state

------- -------- ------- -------------- -----------------

0 admin 2.0 cipher-3des session-started

Console#disconnect 0 4-18

Console#

previous next