Operation Manual – Port Security-Port BindingH3C S5600 Series Ethernet Switches Chapter 1 Port Security Configuration1-1Chapter 1 Port Security ConfigurationWhen configuring port security, go to these sections for information you are interestedin:z Port Security Overviewz Port Security Configuration Task Listz Displaying and Maintaining Port Security Configurationz Port Security Configuration ExampleNote:Two port security modes were added: macAddressAndUserLoginSecure andmacAddressAndUserLoginSecureExt. For details, refer to Port Security Modes.1.1 Port Security Overview1.1.1 IntroductionPort security is a security mechanism for network access control. It is an expansion tothe current 802.1x and MAC address authentication.Port security allows you to define various security modes that enable devices to learnlegal source MAC addresses, so that you can implement different network securitymanagement as needed.With port security enabled, packets whose source MAC addresses cannot be learnedby your switch in a security mode are considered illegal packets, The events thatcannot pass 802.1x authentication or MAC authentication are considered illegal.With port security enabled, upon detecting an illegal packet or illegal event, the systemtriggers the corresponding port security features and takes pre-defined actionsautomatically. This reduces your maintenance workload and greatly enhances systemsecurity and manageability.1.1.2 Port Security FeaturesThe following port security features are provided:z NTK (need to know) feature: By checking the destination MAC addresses inoutbound data frames on the port, NTK ensures that the switch sends data framesthrough the port only to successfully authenticated devices, thus preventing illegaldevices from intercepting network data.