GE ML2400 Switch User Manual


 
6–2 MULTILINK ML2400 ETHERNET COMMUNICATIONS SWITCH – INSTRUCTION MANUAL
ACCESS CONSIDERATIONS CHAPTER 6: ACCESS CONSIDERATIONS
6.1.3 Port Security Feature
The port security feature can be used to block computers from accessing the network by
requiring the port to validate the MAC address against a known list of MAC addresses. This
port security feature is provided on an Ethernet, Fast Ethernet, or Gigabit Ethernet port. In
case of a security violation, the port can be configured to go into the disable mode or drop
mode. The disable mode disables the port, not allowing any traffic to pass through. The
drop mode allows the port to remain enabled during a security violation and drop only
packets that are coming in from insecure hosts. This is useful when there are other network
devices connected to the MultiLink family of switches. If there is an insecure access on the
secondary device, the MultiLink family of switches allow the authorized users to continue
to access the network; the unauthorized packets are dropped preventing access to the
network.
Note
Network security hinges on the ability to allow or deny access to network resources. This
aspect of secure network services involves allowing or disallowing traffic based on
information contained in packets, such as the IP address or MAC address. Planning for
access is a key architecture and design consideration. For example, which ports are
configured for port security? Normally rooms with public access (e.g. lobby, conference
rooms, etc.) should be configured with port security. Once that is decided, the next few
decisions are: Who are the authorized and unauthorized users? What action should be
taken against authorized as well as unauthorized users? How are the users identified as
authorized or unauthorized?