NETGEAR Support Was this article helpful? Yes No
Port Security helps secure the network by preventing unknown devices from forwarding packets. When a link goes down, all dynamically locked addresses are freed. The port security feature offers the following benefits:
- You can limit the number of MAC addresses on a given port. Packets that have a matching MAC address (secure packets) are forwarded; all other packets (unsecure packets) are restricted.
- You can enable port security on a per port basis.
Port security implements two traffic filtering methods, dynamic locking and static locking. These methods can be used concurrently.
- Dynamic locking. You can specify the maximum number of MAC addresses that can be learned on a port. The maximum number of MAC addresses is platform dependent and is given in the software Release Notes. After the limit is reached, additional MAC addresses are not learned. Only frames with an allowable source MAC addresses are forwarded.
Note: If you want to set a specific MAC address for a port, set the dynamic entries to 0, then allow only packets with a MAC address matching the MAC address in the static list.
See AlsoCustom Scan Types with --scanflagsWhat are the typical connectivity options for document scanners, such as USB, Ethernet, or Wi-Fi?What Are Network Ports and Port Scanning Techniques? W3Schools.comDynamically locked addresses can be converted to statically locked addresses. Dynamically locked MAC addresses are aged out if another packet with that address is not seen within the age-out time. You can set the time out value. Dynamically locked MAC addresses are eligible to be learned by another port. Static MAC addresses are not eligible for aging.
- Static locking. You can manually specify a list of static MAC addresses for a port. Dynamically locked addresses can be converted to statically locked addresses.
This article applies to the following managed switches and their respective firmware:
- M5300 - firmware version 10.0.0.x
- M5300-28G (GSM7228S)
- M5300-5G (GSM7252S)
- M5300-28G3 (GSM7328Sv2h2)
- M5300-52G3 (GSM7352Sv2h2)
- M5300-28G_POE+ (GSM7228PSv1h2)
- M5300-52G-POE+ (GSM7252PSv1h2)
- M5300-28GF3 (GSM7328FSv2)
- M4100 - firmware version 10.0.1.x
- M4100-26G (GSM7224v2h2)
- M4100-50G (GSM7248v2h2)
- M4100-26G-POE (GSM7226Pv1h1)
- M4100-50G-POE+ (GSM7248Pv1h1)
- M4100-26G-POE (FSM7226Pv1h1)
- M4100-50-POE (FSM7250Pv1h1)
- M4100-D12G (GSM5212v1h1)
- M4100-D10-POE (FSM5210Pv1h1)
- M7100 - firmware version 10.0.1.x
- M7100-24X (XSM7224)
- XSM7224S - firmware version 9.0.1.x
Last Updated:11/28/2016 | Article ID: 21786
Was this article helpful?
Yes NoThis article applies to:
- Fully Managed Switch (51)
- GSM4230PX (TAA)
- GSM4248PX (TAA)
- GSM7228PS
- GSM7252PS
- GSM7328FS
- GSM7328SO
- GSM7328Sv1
- GSM7328Sv2
- GSM7352SO
- GSM7352Sv1
- GSM7352Sv2
- M4200-10MG-PoE+ (GSM4210P)
- M4250-10G2F-PoE+ (GSM4212P)
- M4250-10G2XF-PoE+ (GSM4212PX)
- M4250-10G2XF-PoE++ (GSM4212UX)
- M4250-12M2XF (MSM4214X)
- M4250-16XF (XSM4216F)
- M4250-26G4F-PoE+ (GSM4230P)
- M4250-26G4F-PoE++ (GSM4230UP)
- M4250-26G4XF-PoE+ (GSM4230PX)
- M4250-40G8F-PoE+ (GSM4248P)
- M4250-40G8XF-PoE+ (GSM4248PX)
- M4250-40G8XF-PoE++ (GSM4248UX)
- M4250-8G2XF-PoE+ (GSM4210PX)
- M4250-9G1F-PoE+ (GSM4210PD)
- M4300-12X12F (XSM4324S)
- M4300-16X (XSM4316PA)
- M4300-16X (XSM4316PB)
- M4300-24X (XSM4324CS)
- M4300-24X24F (XSM4348S)
- M4300-24XF (XSM4324FS)
- M4300-28G (GSM4328S)
- M4300-28G-PoE+ (GSM4328PA)
- M4300-28G-PoE+ (GSM4328PB)
- M4300-48X (XSM4348CS)
- M4300-48XF (XSM4348FS)
- M4300-52G (GSM4352S)
- M4300-52G-PoE+ (GSM4352PA)
- M4300-52G-PoE+ (GSM4352PB)
- M4300-8X8F (XSM4316S)
- M4500-32C (CSM4532)
- M4500-48XF8C (XSM4556)
- M5300
- M5300-28G (GSM7228S)
- M5300-28G-POE+ (GSM7228PSv1h2)
- M5300-28G3 (GSM7328Sv2h2)
- M5300-28GF3 (GSM7328FSv2)
- M5300-52G (GSM7252S)
- M5300-52G-POE+ (GSM7252PSv1h2)
- M5300-52G3 (GSM7352Sv2h2)
- MSM4214X (TAA)
- Legacy Fully Managed Switch (12)
- GSM7224v1
- GSM7224v2
- GSM7248v1
- GSM7248v2
- M4100-26-POE (FSM7226Pv1h1)
- M4100-26G (GSM7224v2h2)
- M4100-26G-POE (GSM7226LPv1h1)
- M4100-50-POE (FSM7250Pv1h1)
- M4100-50G (GSM7248v2h2)
- M4100-50G-POE+ (GSM7248Pv1h1)
- M4100-D10-POE (FSM5210Pv1h1)
- M4100-D12G (GSM5212v1h1)
Read this article in another language:
Looking for more about your product?
Get information, documentation, videos and more for your specific product.
Quick and easy solutions are available for you in the NETGEAR community. Ask the Community With NETGEAR’s round-the-clock premium support, help is just a phone call away. See Support Options NETGEAR provides complimentary technical support for NETGEAR products for 90 days from the original date of purchase. Contact Support GearHead Support is a technical support service for NETGEAR devices and all other connected devices in your home. Advanced remote support tools are used to fix issues on any of your devices. The service includes support for the following: Learn More NETGEAR ProSUPPORT services are available to supplement your technical support and warranty entitlements. NETGEAR offers a variety of ProSUPPORT services that allow you to access NETGEAR's expertise in a way that best meets your needs: Learn More Can’t find what you’re looking for?
Need to Contact NETGEAR Support?
Complimentary Support
NETGEAR Premium Support
GearHead Support for Home Users
ProSUPPORT Services for Business Users