MikroTik Certified Switching Engineer (MTCSWE)
9.2 Port Security Explained

Key Concepts of Port Security

Port Security is a feature used to protect network switches by limiting the number of MAC addresses that can be learned on a specific port. Key concepts include:

MAC Address Learning

MAC Address Learning is the process by which a switch learns the MAC addresses of devices connected to its ports. When a device sends a frame, the switch records the source MAC address and the port number in its MAC address table. This allows the switch to forward frames only to the appropriate port.

Example: When a PC with MAC address 00:1A:2B:3C:4D:5E sends a frame, the switch learns this MAC address and associates it with the port to which the PC is connected. The next time the switch receives a frame destined for 00:1A:2B:3C:4D:5E, it forwards the frame only to that port.

Maximum MAC Addresses

Maximum MAC Addresses refers to the maximum number of MAC addresses that a port can learn. This limit helps prevent unauthorized devices from connecting to the network through that port. Exceeding this limit triggers a violation mode action.

Example: If a port is configured to learn a maximum of 3 MAC addresses, and a fourth device attempts to connect, the switch will take action based on the configured violation mode.

Violation Mode

Violation Mode defines the action taken by the switch when a port exceeds the maximum number of allowed MAC addresses. Common violation modes include:

Example: If a port is configured with a violation mode of "Shutdown" and it exceeds the maximum number of MAC addresses, the port will be disabled, and an administrator will need to manually re-enable it.

Secure MAC Addresses

Secure MAC Addresses are the list of MAC addresses that are allowed to communicate through a secure port. Only devices with MAC addresses in this list can send and receive traffic through the port. This helps prevent unauthorized devices from accessing the network.

Example: A switch port is configured with secure MAC addresses 00:1A:2B:3C:4D:5E and 00:2A:3B:4C:5D:6E. Only devices with these MAC addresses can communicate through the port. Any other device attempting to connect will be denied access.

Static and Dynamic MAC Addresses

Static MAC addresses are manually configured on the switch, while dynamic MAC addresses are learned by the switch. Static MAC addresses are typically used for critical devices that should always have access, while dynamic MAC addresses are used for devices that connect and disconnect frequently.

Example: A server with a static MAC address 00:1A:2B:3C:4D:5E is configured on a switch port. This ensures that the server always has access to the network. Other devices, such as PCs, will have their MAC addresses dynamically learned by the switch as they connect.
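
The concepts above can be tied together in a small model of a single secured port. This is an added example, not MikroTik code or configuration: the class and method names, the port name ether2 and the 02:... addresses are constructed for illustration, and clearing learned entries on re-enable is a choice made by this model. Only the "Shutdown" violation mode described above is modeled.

```python
from dataclasses import dataclass, field

def norm(mac: str) -> str:
    """Canonical form so 00-1a-2b... and 00:1A:2B... compare equal."""
    digits = mac.replace(":", "").replace("-", "").replace(".", "").lower()
    if len(digits) != 12 or any(c not in "0123456789abcdef" for c in digits):
        raise ValueError(f"not a MAC address: {mac!r}")
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))

@dataclass
class SecurePort:                                # hypothetical model, not a real API
    name: str
    max_macs: int                                # Maximum MAC Addresses for the port
    static: set = field(default_factory=set)     # manually configured secure MACs
    dynamic: set = field(default_factory=set)    # secure MACs learned from traffic
    shutdown: bool = False
    log: list = field(default_factory=list)      # violation records for the admin

    def add_static(self, mac: str) -> None:
        mac = norm(mac)
        known = self.static | self.dynamic
        if mac not in known and len(known) >= self.max_macs:
            raise ValueError("static entry would exceed the port's MAC limit")
        self.dynamic.discard(mac)                # promote a learned entry to static
        self.static.add(mac)

    def receive(self, src_mac: str) -> bool:
        """Return True if a frame with this source MAC is forwarded."""
        mac = norm(src_mac)
        if self.shutdown:
            return False                         # port stays down until re-enabled
        if mac in self.static or mac in self.dynamic:
            return True                          # already a secure MAC
        if len(self.static) + len(self.dynamic) < self.max_macs:
            self.dynamic.add(mac)                # room left: learn dynamically
            return True
        self.shutdown = True                     # limit exceeded: Shutdown mode
        self.log.append(f"{self.name}: violation by {mac}, port disabled")
        return False

    def admin_enable(self) -> None:
        """Manual re-enable; this model clears learned entries, keeps static."""
        self.shutdown = False
        self.dynamic.clear()
```

With a limit of 3, one static server entry and two learned PCs fill the table; a frame from a fourth source MAC disables the port, and even the server's frames are dropped until admin_enable() is called.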