1-11 Port Security ConfigurationWhen configuring port security, go to these sections for information you are interested in:z Port Security Overviewz Port Security Configuration Task Listz Displaying and Maintaining Port Security Configurationz Port Security Configuration ExamplesPort Security OverviewIntroductionPort security is a security mechanism for network access control. It is an expansion to the current802.1x and MAC address authentication.Port security allows you to define various security modes that enable devices to learn legal source MACaddresses, so that you can implement different network security management as needed.With port security enabled, packets whose source MAC addresses cannot be learned by your switch ina security mode are considered illegal packets, The events that cannot pass 802.1x authentication orMAC authentication are considered illegal.With port security enabled, upon detecting an illegal packet or illegal event, the system triggers thecorresponding port security features and takes pre-defined actions automatically. This reduces yourmaintenance workload and greatly enhances system security and manageability.Port Security FeaturesThe following port security features are provided:z NTK (need to know) feature: By checking the destination MAC addresses in outbound data frameson the port, NTK ensures that the switch sends data frames through the port only to successfullyauthenticated devices, thus preventing illegal devices from intercepting network data.z Intrusion protection feature: By checking the source MAC addresses in inbound data frames or theusername and password in 802.1x authentication requests on the port, intrusion protection detectsillegal packets or events and takes a pre-set action accordingly. The actions you can set include:disconnecting the port temporarily/permanently, and blocking packets with the MAC addressspecified as illegal.z Trap feature: When special data packets (generated from illegal intrusion, abnormal login/logout orother special activities) are passing through the switch port, Trap feature enables the switch tosend Trap messages to help the network administrator monitor special activities.Port Security ModesTable 1-1 describes the available port security modes: