Configuring Security
Configuring Port Security
Cisco 220 Series Smart Switches Administration Guide Release 1.1.0.x 205
16
Configuring Port Security
Network security can be increased by limiting access on a port to users with
specific MAC addresses. The MAC addresses can be either dynamically learned
or statically configured.
Port security monitors received and learned packets. Access to locked ports is
limited to users with specific MAC addresses.
Port security has two modes:
• Classic Lock—All learned MAC addresses on the port are locked, and the
switch learns up to the maximum number of addresses allowed on the port
(defined by Max No. of Addresses Allowed). The learned addresses are not
subject to aging or relearning.
• Limited Dynamic Lock—The switch learns MAC addresses up to the
configured limit of allowed addresses. After the limit is reached, the switch
does not learn additional addresses. In this mode, the addresses are
subject to aging and relearning.
When a frame with a new MAC address is detected on a port where it is not
authorized (the port is classically locked and the new MAC address of this frame is
learned on another classically locked port, or the port is dynamically locked and
the maximum number of allowed addresses has been exceeded), the protection
function is invoked, and one of the following actions can take place:
• Frame is discarded.
• Frame is forwarded.
• Frame is discarded and a SYSLOG message is generated.
• Port is shut down.
When the secure MAC address is seen on another port, the frame is handled with
the specified violation action, and the MAC address is not learned on that port.
Use the Port Security page to configure the security parameters for all ports, and
to enable their modification.
To configure port security:
STEP 1 Click Security > Port Security.
STEP 2 Select a port and click Edit.
To Next Page
Loading...
