What is port security and how does it work with my managed switch? (2024)

NETGEAR Support

Was this article helpful? Yes No

Port Security helps secure the network by preventing unknown devices from forwarding packets. When a link goes down, all dynamically locked addresses are freed. The port security feature offers the following benefits:

You can limit the number of MAC addresses on a given port. Packets that have a matching MAC address (secure packets) are forwarded; all other packets (unsecure packets) are restricted.
You can enable port security on a per port basis.

Port security implements two traffic filtering methods, dynamic locking and static locking. These methods can be used concurrently.

Dynamic locking. You can specify the maximum number of MAC addresses that can be learned on a port. The maximum number of MAC addresses is platform dependent and is given in the software Release Notes. After the limit is reached, additional MAC addresses are not learned. Only frames with an allowable source MAC addresses are forwarded.
Note: If you want to set a specific MAC address for a port, set the dynamic entries to 0, then allow only packets with a MAC address matching the MAC address in the static list.
See Also
Custom Scan Types with --scanflags What are the typical connectivity options for document scanners, such as USB, Ethernet, or Wi-Fi?What Are Network Ports and Port Scanning Techniques?  W3Schools.com
Dynamically locked addresses can be converted to statically locked addresses. Dynamically locked MAC addresses are aged out if another packet with that address is not seen within the age-out time. You can set the time out value. Dynamically locked MAC addresses are eligible to be learned by another port. Static MAC addresses are not eligible for aging.
Static locking. You can manually specify a list of static MAC addresses for a port. Dynamically locked addresses can be converted to statically locked addresses.

This article applies to the following managed switches and their respective firmware:

M5300 - firmware version 10.0.0.x
- M5300-28G (GSM7228S)
- M5300-5G (GSM7252S)
- M5300-28G3 (GSM7328Sv2h2)
- M5300-52G3 (GSM7352Sv2h2)
- M5300-28G_POE+ (GSM7228PSv1h2)
- M5300-52G-POE+ (GSM7252PSv1h2)
- M5300-28GF3 (GSM7328FSv2)
M4100 - firmware version 10.0.1.x
- M4100-26G (GSM7224v2h2)
- M4100-50G (GSM7248v2h2)
- M4100-26G-POE (GSM7226Pv1h1)
- M4100-50G-POE+ (GSM7248Pv1h1)
- M4100-26G-POE (FSM7226Pv1h1)
- M4100-50-POE (FSM7250Pv1h1)
- M4100-D12G (GSM5212v1h1)
- M4100-D10-POE (FSM5210Pv1h1)
M7100 - firmware version 10.0.1.x
- M7100-24X (XSM7224)
XSM7224S - firmware version 9.0.1.x

Last Updated:11/28/2016 | Article ID: 21786

Was this article helpful?

Yes No

This article applies to:

Fully Managed Switch (51)
- GSM4230PX (TAA)
- GSM4248PX (TAA)
- GSM7228PS
- GSM7252PS
- GSM7328FS
- GSM7328SO
- GSM7328Sv1
- GSM7328Sv2
- GSM7352SO
- GSM7352Sv1
- GSM7352Sv2
- M4200-10MG-PoE+ (GSM4210P)
- M4250-10G2F-PoE+ (GSM4212P)
- M4250-10G2XF-PoE+ (GSM4212PX)
- M4250-10G2XF-PoE++ (GSM4212UX)
- M4250-12M2XF (MSM4214X)
- M4250-16XF (XSM4216F)
- M4250-26G4F-PoE+ (GSM4230P)
- M4250-26G4F-PoE++ (GSM4230UP)
- M4250-26G4XF-PoE+ (GSM4230PX)
- M4250-40G8F-PoE+ (GSM4248P)
- M4250-40G8XF-PoE+ (GSM4248PX)
- M4250-40G8XF-PoE++ (GSM4248UX)
- M4250-8G2XF-PoE+ (GSM4210PX)
- M4250-9G1F-PoE+ (GSM4210PD)
- M4300-12X12F (XSM4324S)
- M4300-16X (XSM4316PA)
- M4300-16X (XSM4316PB)
- M4300-24X (XSM4324CS)
- M4300-24X24F (XSM4348S)
- M4300-24XF (XSM4324FS)
- M4300-28G (GSM4328S)
- M4300-28G-PoE+ (GSM4328PA)
- M4300-28G-PoE+ (GSM4328PB)
- M4300-48X (XSM4348CS)
- M4300-48XF (XSM4348FS)
- M4300-52G (GSM4352S)
- M4300-52G-PoE+ (GSM4352PA)
- M4300-52G-PoE+ (GSM4352PB)
- M4300-8X8F (XSM4316S)
- M4500-32C (CSM4532)
- M4500-48XF8C (XSM4556)
- M5300
- M5300-28G (GSM7228S)
- M5300-28G-POE+ (GSM7228PSv1h2)
- M5300-28G3 (GSM7328Sv2h2)
- M5300-28GF3 (GSM7328FSv2)
- M5300-52G (GSM7252S)
- M5300-52G-POE+ (GSM7252PSv1h2)
- M5300-52G3 (GSM7352Sv2h2)
- MSM4214X (TAA)
Legacy Fully Managed Switch (12)
- GSM7224v1
- GSM7224v2
- GSM7248v1
- GSM7248v2
- M4100-26-POE (FSM7226Pv1h1)
- M4100-26G (GSM7224v2h2)
- M4100-26G-POE (GSM7226LPv1h1)
- M4100-50-POE (FSM7250Pv1h1)
- M4100-50G (GSM7248v2h2)
- M4100-50G-POE+ (GSM7248Pv1h1)
- M4100-D10-POE (FSM5210Pv1h1)
- M4100-D12G (GSM5212v1h1)

How to Find Your Model Number

Read this article in another language:

Looking for more about your product?

Get information, documentation, videos and more for your specific product.

Can’t find what you’re looking for?

Quick and easy solutions are available for you in the NETGEAR community.

Ask the Community

Need to Contact NETGEAR Support?

With NETGEAR’s round-the-clock premium support, help is just a phone call away.

See Support Options

Complimentary Support

NETGEAR provides complimentary technical support for NETGEAR products for 90 days from the original date of purchase.

Contact Support

NETGEAR Premium Support

GearHead Support for Home Users

GearHead Support is a technical support service for NETGEAR devices and all other connected devices in your home. Advanced remote support tools are used to fix issues on any of your devices. The service includes support for the following:

Desktop and Notebook PCs, Wired and Wireless Routers, Modems, Printers, Scanners, Fax Machines, USB devices and Sound Cards
Windows Operating Systems (2000, XP or Vista), MS Word, Excel, PowerPoint, Outlook and Adobe Acrobat
Anti-virus and Anti-Spyware: McAfee, Norton, AVG, eTrust and BitDefender

Learn More

ProSUPPORT Services for Business Users

NETGEAR ProSUPPORT services are available to supplement your technical support and warranty entitlements. NETGEAR offers a variety of ProSUPPORT services that allow you to access NETGEAR's expertise in a way that best meets your needs:

Product Installation
Professional Wireless Site Survey
Defective Drive Retention (DDR) Service

Learn More