Filter
Top Products
Chapter 15. Security Management | 269
15
15. Security Management
In this chapter, examples are provided for the following topics:
• Port Security
• Set the Dynamic and Static Limit on Port 1/0/1 on page 270
• Convert the Dynamic Address Learned from 1/0/1 to a Static Address on page 271
• Create a Static Address on page 272
• Protected Ports on page 273
• 802.1x Port Security on page 280
• Create a Guest VLAN on page 286
• Assign VLANs Using RADIUS on page 291
• Dynamic ARP Inspection on page 297
• Static Mapping on page 303
• DHCP Snooping on page 305
• Enter Static Binding into the Binding Database on page 309
• Maximum Rate of DHCP Messages on page 310
• IP Source Guard on page 312
Port Security
Port Security helps secure the network by preventing unknown devices from forwarding
packets. When a link goes down, all dynamically locked addresses are freed. The port
security feature offers the following benefits:
• You can limit the number of MAC addresses on a given port. Packets that have a
matching MAC address (secure packets) are forwarded; all other packets (unsecure
packets) are restricted.
• You can enable port security on a per port basis.
Port security implements two traffic filtering methods, dynamic locking and static locking.
These methods can be used concurrently.
• Dynamic locking. You can specify the maximum number of MAC addresses that can be
learned on a port. The maximum number of MAC addresses is platform dependent and is