Security
Configuring Port Security
393 Cisco 500 Series Stackable Managed Switch Administration Guide Release 1.3
20
• Interface—Select the interface name.
• Interface Status—Select to lock the port.
• Learning Mode—Select the type of port locking. To configure this field, the
Interface Status must be unlocked. The Learning Mode field is enabled only
if the Interface Status field is locked. To change the Learning Mode, the Lock
Interface must be cleared. After the mode is changed, the Lock Interface can
be reinstated. The options are:
- Classic Lock—Locks the port immediately, regardless of the number of
addresses that have already been learned.
- Limited Dynamic Lock—Locks the port by deleting the current dynamic
MAC addresses associated with the port. The port learns up to the
maximum addresses allowed on the port. Both re-learning and aging of
MAC addresses are enabled.
- Secure Permanent—Keeps the current dynamic MAC addresses
associated with the port and learns up to the maximum number of
addresses allowed on the port (set by Max No. of Addresses Allowed).
Relearning and aging are enabled.
- Secure Delete on Reset—Deletes the current dynamic MAC addresses
associated with the port after reset. New MAC addresses can be learned
as Delete-On-Reset ones up to the maximum addresses allowed on the
port. Relearning and aging are disabled.
• Max No. of Addresses Allowed—Enter the maximum number of MAC
addresses that can be learned on the port if Limited Dynamic Lock learning
mode is selected. The number 0 indicates that only static addresses are
supported on the interface.
• Action on Violation—Select an action to be applied to packets arriving on a
locked port. The options are:
- Discard—Discards packets from any unlearned source.
- Forward—Forwards packets from an unknown source without learning
the MAC address.
- Shutdown—Discards packets from any unlearned source, and shuts
down the port. The port remains shut down until reactivated, or until the
device is rebooted.
To Next Page
Loading...
