29 30
Configuration guide:
Enable RSTP function to avoid broadcast storm caused by looped network
structure among switch A ,switch B and switch C 1-10 port.
The meaning of main parameters of the pages as below. .
Table 4-9 Parameters
Configuration Guidelines:
For example, when binding the port 10 of switch A with switch B, port 1 belongs
to VLAN20.
Static MAC address differs from the general dynamic MAC
address. Once a static address is added, the address will
remain in effect until be deleted and free the maximum aging
time limited.
Port-corresponding VLAN ID number
Select a static MAC address to forward port, you can only
specify one forwarding port.
On [ / switch information of
statics address latch, as shown in figure 4-7:
Port security Stastic address lock] page displays
Figure 4-7
Port security
After setting RSTP, click RSTP information to check root bridge and
port information. The port recover time is around 30s by default, click
right key to refresh current status
“ ”
。
4.5 Port Security
4.5.1 Statics Address Latch
Statics MAC address is to limit computer operation, the computer with binding
computer MAC and ports can not communicate with other ports, while other
computer can do that.
Instruction
Enable
Enter 1-10 within the Port range (or click box front of port)Equipment
priority, cycle of sending message, maximum lifetime of information,
default port status migration delay;
Path cost, enter "0" is automatically detected;
Port priority, choose “128”;
Point to point, choose“yes”;
Edge port, choose “No”;
Click save, operation finished.
switch A,B,C RSTP function;
Enable static address latch function of switch B;
Enter the MAC address of switch B;
Enter VLAN ID with 20;
Enter port with 20;
Click Save;
Operation finished.
This feature is a security mechanism which requires high attention to the
settings;
Do not use a multicast address as a enter address;
Do not enter the reserved MAC address, such as local MAC address;
For port which has already been added to an aggregation group, it is not
allowed to set binding function between port and MAC address.
Caution
4.5.2 802.1X certificates
IEEE 802.1X certification system adopted the "controllable port" and
"uncontrolled ports" logic functions. It can realize the separation of business
and certification. After passing certification, the business flow and the
certification flow separation, it has no special requirement for the following
subsequent packets. Business can be flexible, especially in develop broadband
multicast business, it has a lot of advantages. All the business are not
restricted by authentication.
802.1X Three Main Parts:
(1) Application supplicant:User and Client which want to get the
certification;
(2) authentication server:A typical example for the RADIUS server;
(3)Certification System authenticator:Between the end devices, such as
wireless access points, switches, etc We can play at the same time equipment
system and authentication server two characters, you can also use the
additional authentication server, at the same time support the billing system.