How to enable sticky MAC on ECS4620 Series?

Steven_zhang. Created at: Dec 11, 2019 14:30:00. Updated at: Dec 11, 2019 14:30:50

Support Model Name: ECS4620 series

Software Version: v1.2.2.39

 

In the original design, the port security function stops learning MAC addresses when it reaches the configured maximum number. Only incoming traffic with source addresses already stored in the dynamic or static address table is accepted.

 

If network-access aging is enabled, entries in the switch's secure MAC address table are removed when the aging time expires or when the MAC address is detected on a new port.

 

So we have added a Sticky MAC function to the ECS4620 series. When you connect the interface to your network, you can enable the sticky MAC feature to ensure that a MAC address is learned only on this port and cannot be learned by other ports, even after a port move or an attack.

 

Topology:

1. Sticky MAC is enabled on port 1, and a PC is connected to it. The PC's MAC address is learned on port 1.

2. Disconnect the PC's link to the hub and move it to port 2. The PC then fails to access the network through port 2 because its MAC address was already learned on port 1.

Procedure:

Step 1:

Enable port security and sticky MAC on port 1.

Enable network-access aging globally.

Step 2:

Connect the PC to port 1 and check that its MAC address was learned on port 1.

Step 3:

Disconnect the PC's link to the hub and move it to port 2.

Confirm that the PC's MAC address is still learned on port 1 and fails to be learned on port 2.

Step 4:

On port 2, enable port security and set the intrusion action to shutdown.

(We suggest setting max-mac-count > 1.)

Disconnect the PC's link to the hub and move it to port 2.

Confirm that port 2 is shut down, because the sticky secure MAC address intruded into another port that has port security enabled.
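The behaviour verified in Steps 1 to 4, as an added Python model (not Edgecore code and not the switch's CLI). The class names, field names, return strings and the sample MAC address are assumptions made for illustration, and network-access aging is assumed to be enabled so that a non-sticky entry is dropped when the address appears on a new port.

```python
from dataclasses import dataclass

@dataclass
class Port:
    security: bool = False               # port security enabled
    sticky: bool = False                 # sticky MAC enabled
    max_mac_count: int = 1
    shutdown_on_intrusion: bool = False  # intrusion action = shutdown
    up: bool = True

class Switch:
    """Toy model; network-access aging is assumed enabled globally."""
    def __init__(self, n_ports):
        self.ports = {n: Port() for n in range(1, n_ports + 1)}
        self.table = {}                  # mac -> (port number, is_sticky)

    def _intrusion(self, port):
        if port.security and port.shutdown_on_intrusion:
            port.up = False
            return "shutdown"
        return "drop"

    def receive(self, port_no, mac):
        port = self.ports[port_no]
        if not port.up:
            return "drop"
        entry = self.table.get(mac)
        if entry and entry[0] == port_no:
            return "forward"             # already learned on this port
        if entry and entry[1]:
            return self._intrusion(port) # sticky entry lives on another port
        if entry:
            del self.table[mac]          # non-sticky: removed when seen on a new port
        if port.security:
            learned = sum(1 for p, _ in self.table.values() if p == port_no)
            if learned >= port.max_mac_count:
                return self._intrusion(port)
        self.table[mac] = (port_no, port.security and port.sticky)
        return "forward"

def demo(sticky):
    sw = Switch(2)
    sw.ports[1].security, sw.ports[1].sticky = True, sticky
    pc = "00-11-22-33-44-55"             # constructed sample MAC
    first = sw.receive(1, pc)            # Step 2: learned on port 1
    moved = sw.receive(2, pc)            # Step 3: port 2 without port security
    sw.ports[2] = Port(security=True, max_mac_count=2, shutdown_on_intrusion=True)
    again = sw.receive(2, pc)            # Step 4: port 2 with action shutdown
    return first, moved, again, sw.ports[2].up, sw.table[pc][0]
```

`demo(True)` follows the procedure with sticky MAC on port 1; `demo(False)` shows the contrasting case where the address simply moves to port 2.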