Operation Manual – Port Security-Port BindingH3C S3100 Series Ethernet Switches Chapter 1 Port Security Configuration1-1Chapter 1 Port Security ConfigurationWhen configuring port security, go to these sections for information you are interestedin:z Port Security Overviewz Port Security Configuration Task Listz Displaying and Maintaining Port Security Configurationz Port Security Configuration Example1.1 Port Security Overview1.1.1 IntroductionPort security is a security mechanism for network access control. It is an expansion tothe current 802.1x and MAC address authentication.Port security allows you to define various security modes that enable devices to learnlegal source MAC addresses, so that you can implement different network securitymanagement as needed.With port security enabled, packets whose source MAC addresses cannot be learnedby your switch in a security mode are considered illegal packets, The events thatcannot pass 802.1x authentication or MAC authentication are considered illegal.With port security enabled, upon detecting an illegal packet or illegal event, the systemtriggers the corresponding port security features and takes pre-defined actionsautomatically. This reduces your maintenance workload and greatly enhances systemsecurity and manageability.1.1.2 Port Security FeaturesThe following port security features are provided:z NTK (need to know) feature: By checking the destination MAC addresses inoutbound data frames on the port, NTK ensures that the switch sends data framesthrough the port only to successfully authenticated devices, thus preventing illegaldevices from intercepting network data.z Intrusion protection feature: By checking the source MAC addresses in inbounddata frames or the username and password in 802.1x authentication requests onthe port, intrusion protection detects illegal packets or events and takes a pre-setaction accordingly. The actions you can set include: disconnecting the porttemporarily/permanently, and blocking packets with the MAC address specified asillegal.