M A G N U M 6 K S W I T C H E S , M N S - 6 K U S E R G U I D EPort SecurityThe port security feature can be used to block computers from accessing the network byrequiring the port to validate the MAC address against a known list of MAC addresses.This port security feature is provided on an Ethernet, Fast Ethernet, or Gigabit Ethernetport. In case of a security violation, the port can be configured to go into the disablemode or drop mode. The disable mode disables the port, not allowing any traffic to passthrough. The drop mode allows the port to remain enabled during a security violation anddrop only packets that are coming in from insecure hosts. This is useful when there areother network devices connected to the Magnum 6K family of switches. If there is aninsecure access on the secondary device, the Magnum 6K family of switches allows theauthorized users to continue to access the network; the unauthorized packets are droppedpreventing access to the network.NNreetwork securityetwork security hinges on the ability to allow or deny access to networksources. The access control aspect of secure network services involvesallowing or disallowing traffic based on information contained in packets,such as the IP address, MAC address, or other content. Planning for access is a keyarchitecture and design consideration. For example, which ports are configured for portsecurity? Normally rooms with public access e.g. lobby, conference rooms etc. should beconfigured with port security. Once that is decided, the next few decisions are – who arethe authorized and unauthorized users? What action should be taken against authorized aswell as unauthorized users? How are the users identified as authorized or unauthorized?Configuring Port SecurityLogin as a level 2 user or as a manager to configure port security. Once logged in, get tothe port-security configuration level to setup and configure port security.Syntax port-securityFor exampleMagnum6K25# configure port-securityMagnum6K25(port-security)##FIGURE 55 – Port security configuration modeAlternately, the following commands can also be used to enter the port-securityconfiguration mode:Magnum6K25# port-securityj90