Security
Configuring Port Security
Cisco Small Business 200, 300 and 500 Series Managed Switch Administration Guide (Internal Version) 355
18
When a frame from a new MAC address is detected on a port where it is not
authorized (the port is classically locked, and there is a new MAC address, or the
port is dynamically locked, and the maximum number of allowed addresses has
been exceeded), the protection mechanism is invoked, and one of the following
actions can take place:
• Frame is discarded
• Frame is forwarded
• Port is shut down
When the secure MAC address is seen on another port, the frame is forwarded,
but the MAC address is not learned on that port.
In addition to one of these actions, you can also generate traps, and limit their
frequency and number to avoid overloading the devices.
NOTE To use 802.1X on a port, it must be in multiple host or multi session modes. Port
security on a port cannot be set if the port is in single mode (see the 802.1x, Host
and Session Authentication page).
To configure port security:
STEP 1 Click Security > Port Security.
STEP 2 Select an interface to be modified, and click Edit.
STEP 3 Enter the parameters.
• Interface—Select the interface name.
• Interface Status—Select to lock the port.
• Learning Mode—Select the type of port locking. To configure this field, the
Interface Status must be unlocked. The Learning Mode field is enabled only
if the Interface Status field is locked. To change the Learning Mode, the Lock
Interface must be cleared. After the mode is changed, the Lock Interface can
be reinstated. The options are:
- Classic Lock—Locks the port immediately, regardless of the number of
addresses that have already been learned.
- Limited Dynamic Lock—Locks the port by deleting the current dynamic
MAC addresses associated with the port. The port learns up to the
maximum addresses allowed on the port. Both re-learning and aging of
MAC addresses are enabled.
To Next Page
Loading...
