GE ML1200 Switch User Manual


 
6–2 MULTILINK ML1200 MANAGED FIELD SWITCH – INSTRUCTION MANUAL
ACCESS CONSIDERATIONS CHAPTER 6: ACCESS CONSIDERATIONS
6.1.3 Port Security Feature
The port security feature can be used to block computers from accessing the network by
requiring the port to validate the MAC address against a known list of MAC addresses. This
port security feature is provided on an Ethernet, or Fast Ethernet, port. In case of a security
violation, the port can be configured to go into the disable mode or drop mode. The disable
mode disables the port, not allowing any traffic to pass through. The drop mode allows the
port to remain enabled during a security violation and drop only packets that are coming
in from insecure hosts. This is useful when there are other network devices connected to
the MultiLink ML1200 Managed Field Switch. If there is an insecure access on the
secondary device, the MultiLink ML1200 Managed Field Switch allows the authorized users
to continue to access the network; the unauthorized packets are dropped preventing
access to the network.
Note
Network security hinges on the ability to allow or deny access to network resources. This
aspect of secure network services involves allowing or disallowing traffic based on
information contained in packets, such as the IP address or MAC address. Planning for
access is a key architecture and design consideration. For example, which ports are
configured for port security? Normally rooms with public access (e.g. lobby, conference
rooms, etc.) should be configured with port security. Once that is decided, the next few
decisions are: Who are the authorized and unauthorized users? What action should be
taken against authorized as well as unauthorized users? How are the users identified as
authorized or unauthorized?