Configuring Security
Configuring 802.1X
Cisco Small Business 200 1.1 Series Smart Switch Administration Guide 245
17
- Limited Dynamic Lock—Locks the port by deleting the current dynamic
MAC addresses associated with the port. The port learns up to the
maximum addresses allowed on the port. Both re-learning and aging of
MAC addresses are enabled.
• Max No. of Addresses Allowed—Enter the maximum number of MAC
addresses that can be learned on the port if Limited Dynamic Lock learning
mode is selected. The number 0 indicates that only static addresses are
supported on the interface.
• Action on Violation—Select an action to be applied to packets arriving on a
locked port. The options are:
- Discard—Discards packets from any unlearned source.
- Forward—Forwards packets from an unknown source without learning
the MAC address.
- Shutdown—Discards packets from any unlearned source, and shuts
down the port. The port remains shut down until reactivated, or until the
switch is rebooted.
• Trap—Select to enable traps when a packet is received on a locked port.
This is relevant for lock violations. For Classic Lock, this is any new address
received. For Limited Dynamic Lock, this is any new address that exceeds
the number of allowed addresses.
NOTE Traps on the 200 Series are SYSLOG-related and not generated
through SNMP.
• Trap Frequency—Enter minimum time (in seconds) that elapses between
traps.
STEP 4 Click Apply. Port security is modified, and the Running Configuration file is
updated.
Configuring 802.1X
Port-based access control has the effect of creating two types of access on the
switch ports. One point of access enables uncontrolled communication,
regardless of the authorization state (uncontrolled port). The other point of access
authorizes communication between a host and the switch.
To Next Page
Loading...
