Support User Manuals

SMC Networks SMC6624M Switch User Manual

Open as PDF

of 364

7-16

Using Passwords, Port Security, and Authorized IP Managers To Protect Against Unauthorized Access

Configuring and Monitoring Port Security

Using Passwords, Port

Security, and Authorized IP

Specifying Authorized Devices and Intrusion Responses. This exam-

ple configures port 1 to automatically accept the first device (MAC address)

it detects as the only authorized device for that port. (The default device limit

is 1.) It also configures the port to send an alarm to a network management

station and disable itself if an intruder is detected on the port.

SMC TigerSwitch 10/100(config)# port-security 1 learn-

mode static action send-disable

The next example does the same as the preceding example, except that it

specifies a MAC address of 0c0090-123456 as the authorized device instead of

allowing the port to automatically assign the first device it detects as an

authorized device.

SMC TigerSwitch 10/100(config)# port-security 1 learn-

mode static mac-address 0c0090-123456 action send-disable

This example configures port 5 to:

■ Allow two MAC addresses, 00c100-7fec00 and 0060b0-889e00, as the

authorized devices

■ Send an alarm to a management station if an intruder is detected on the

port

SMC TigerSwitch 10/100(config)# port-security 5 learn-

mode static address-limit 2 mac-address 00c100-7fec00

0060b0-889e00 action send-alarm

If you manually configure authorized devices (MAC addresses) and/or an

alarm action on a port, those settings remain unless you either manually

change them or the switch is reset to its factory-default configuration. You can

“turn off” authorized devices on a port by configuring the port to continuous

Learn Mode, but subsequently reconfiguring the port to static Learn Mode

restores those authorized devices.

Adding an Authorized Device to a Port. To simply add a device (MAC

address) to a port’s existing Authorized Addresses list, enter the port number

with the mac-address parameter and the device’s MAC address. This assumes

that Learn Mode is set to static and the Authorized Addresses list is not full

(as determined by the current Address Limit value). For example, suppose

port 2 allows two authorized devices, but has only one device in its Authorized

Address list:

previous next