3. New addresses are not allowed to create new MAC address table entries.
When frames with an unauthorized MAC address arrive on the port, the switch determines that the address is not in the current MAC address table and does not create a dynamic entry for that new MAC address.
4. The switch takes action in response to unauthorized frames.
The switch disallows access to the port and takes one of these configuration-dependent actions: (a) the entire switch port can be shut down; (b) access can be denied for only that MAC address, and a log error message is generated; (c) access can be denied for that MAC address, but no log message is generated.
NOTE You cannot apply port security to trunk ports because addresses on trunk links
might change frequently. Implementations of port security vary depending on which
Cisco Catalyst switch is in use. Check documentation to determine whether and how
particular hardware supports this feature.
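The three actions in step 4 correspond to the shutdown, restrict, and protect violation modes of Catalyst IOS port security. The configuration below is an added example, not taken from the original text. The interface numbers and the MAC address are constructed placeholders, and the syntax assumes a Catalyst switch running Cisco IOS, which, as the note says, varies by platform.

```cisco
! Constructed example: interface numbers and the MAC address are placeholders.
!
! (a) Shut down the entire port (err-disabled) when a violation occurs.
interface FastEthernet0/1
 switchport mode access
 switchport port-security
 switchport port-security maximum 1
 switchport port-security mac-address 0000.1111.2222
 switchport port-security violation shutdown
!
! (b) Deny only the unauthorized MAC address and generate a log message.
interface FastEthernet0/2
 switchport mode access
 switchport port-security
 switchport port-security maximum 1
 switchport port-security mac-address sticky
 switchport port-security violation restrict
!
! (c) Deny the unauthorized MAC address without generating a log message.
interface FastEthernet0/3
 switchport mode access
 switchport port-security
 switchport port-security maximum 1
 switchport port-security mac-address sticky
 switchport port-security violation protect
!
! Verification from privileged EXEC mode:
!   show port-security
!   show port-security interface FastEthernet0/1
!   show port-security address
```

Because protect mode drops frames without logging, a violation on that port is not visible in syslog, so restrict or shutdown is the better choice where violations need to be detected.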
74 Chapter 2: Medium-Sized Switched Network Construction
802.1X Port-Based Authentication
The IEEE 802.1X standard defines a port-based access control and authentication protocol
that restricts unauthorized workstations from connecting to a LAN through publicly
accessible switch ports.