Port Security is to protect the switch from the malicious MAC Address Attack by limiting the maximum number of MAC addresses that can be learned on the port. The port with Port Security feature enabled will learn the MAC address dynamically/statically. When the learned MAC address number reaches the maximum, the port will stop learning. So devices with the MAC address unlearned cannot access the network via this port.
Here we will give you a case to tell you how to configure port security applications.
A company is using a TL-SL5428E as the company’s access switch. And they want to achieve this demand:
The port of the switch only can be connected with some specified computers, and one computer can only be connected to a fixed port of the switch; otherwise the computer cannot access the network via this port.
There are two methods to achieve this demand:
Method 1: Auto learning
Go to the web management page of the switch, click on switching->port->port security. Then select the ports you want to configure, type in the maximum number of MAC address learned from individual port. The learn mode should be Permanent, and the status must be Enable. After finished that, please click Apply to apply the configuration (as Figure 2 shows).
After that, please connect your computer to the specified port of the switch (in this case, PC1 should be connected to port 1, and PC2 should be connected to port 2). Please note that every computer must be connected to the correct port. Then the MAC address of the computer will be bounded with the specified port.
The MAC address that the port learned will be displayed on the MAC address table (as the Figure 3 shows below). In this case, the MAC address of PC 1 is 00-19-66-5E-EC-A4, and it has been bounded to port 1. The MAC address of PC 2 is B0-48-7A-C0-4E-46, port 2 is bounded with it. And from now on, you have finished the configuration.
Note: If you connect your computer to a non-specified port, the incorrect MAC address will be learned by the port. Then you need to remove the cable, delete the incorrect learned MAC address information of the port on the static address table. After that, please connect the specified computer to the correct port.
Then let’s see how to configure the port security with manual binding.
Method 2: Manual binding
Click on switching->MAC address -> static address. Now you need to type in the MAC address information of your computer (or other devices), the VLAN ID and the port information that the computer will be bounded (as the Figure 4 shows). Then click Create. And the information you typed in will be shown in the static address table.
Click onswitching->port->port security. Now please enable the port security function, and the max learned MAC should be set 0. Click Apply to apply the configuration.
The bounded static MAC address can be searched on the MAC address table page. And we have finished the configuration of port security.
Note: Please remember to click saving config to save the configuration you have done.