Extreme Network Switch Port Security Configuration Settings

26.03.2025
0
2.006

Network Security starts with Port Security configurations and defines how many Ethernet interfaces will come through each interface.

Extreme Network Switch Port Security Configuration Settings

Switches are the indispensable element of networks that communicate computers and servers with each other from endless points regardless of distance. A port without Port Security configuration means that the switch and even the entire network is open to possible dangers. You can provide Port Security on Enterasys Switches very easily.

Port – Interface – Ethernet Terms

These switches have physical ports that allow Ethernet interfaces to physically join the network. These ports have interface equivalents on the configuration side.

Configurations made on these interfaces affect all Ethernet interfaces (computer, server, Access Point, etc.) connected to the physical port.

We can easily set how many Ethernet interfaces can be included in the network via Interface. The switch counts the MAC addresses of the Ethernet interfaces connected to its port and we can limit this value with“Port Security“.

port güvenliği
Port Mac Address Limitation

All edge switches in a network with standard security should have the structure in the picture. So single port single ethernet.

Extreme Switch Port Security Komutları

We finish the job in one line by specifying the parameters with the “config port_security” command. 🙂

config port_security ports 1-8 admin_state enable max_learning_addr 1 lock_address_mode deleteontimeout
SSH Config

Let’s explain the parameters we wrote under the port_security command one by one.

  1. ports <port_number or range> enter the port (interface) numbers or ranges on which this command will work. For example, it can be combined as 1 or 1,3,7,34 or 1-8 or 1-4,6-24,41 or enough is enough :).
  2. admin_state <value> this parameter can be selected as enable/disable or blank.
  3. In the max_learning_addr <number> parameter, it is determined how many MAC (physical address), i.e. Ethernet interfaces can be allowed through the configured interface. For example 1 or 3 or 6, it is up to you to determine this value. However, if you say single port single ethernet, you should give a value of 1.
  4. lock_address_mode <deleteontimeout> With this parameter, it is determined when the mac address in the interface security will be forgotten. In this example, by typing “deleteontimeout”, the Mac address is ordered to be deleted when the timeout occurs.

When you run the command with these parameters, you create a security layer on the ports you have specified on the Switch.

show config modified
SSH Config

command to display the running configuration on the screen;

Switch show config modified
-show config modified

If you encounter an error, you can write to me in the comments section or open a case on the Extreme Network Support page.

MAKE A COMMENT
COMMENTS - 0 COMMENTS

No comments yet.

Bu web sitesi, bilgisayarınıza bilgi depolamak amacıyla bazı tanımlama bilgilerini kullanabilir.
Bu bilgilerin bir kısmı sitenin çalışmasında esas rolü üstlenirken bir kısmı ise kullanıcı deneyimlerinin iyileştirilmesine ve geliştirilmesine yardımcı olur.
Sitemize ilk girişinizde vermiş olduğunuz çerez onayı ile bu tanımlama bilgilerinin yerleştirilmesine izin vermiş olursunuz.
Çerez bilgilerinizi güncellemek için ekranın sol alt köşesinde bulunan mavi kurabiye logosuna tıklamanız yeterli. Kişisel Verilerin Korunması,
Gizlilik Politikası ve Çerez (Cookie) Kullanımı İlkeleri hakkında detaylı bilgi için KVKK&GDPR sayfamızı inceleyiniz.
| omersahin.com.tr |
Copyright | 2007-2025