Configuring Security
Configuring Port Security
Cisco Small Business 300 Series Managed Switch Administration Guide 210
16
When a frame from a new MAC address is detected on a port where it is not
authorized (the port is classically locked, and there is a new MAC address, or the
port is dynamically locked, and the maximum number of allowed addresses has
been exceeded), the protection mechanism is invoked, and one of the following
actions can take place:
• Frame is discarded
• Frame is forwarded
• Port is shut down
When the secure MAC address is seen on another port, the frame is forwarded,
but the MAC address is not learned on that port.
In addition to one of these actions, you can also generate traps, and limit their
frequency and number to avoid overloading the devices.
NOTE If you want to use 802.1X on a port, it must be multiple host mode (see the 802.1x,
Host and Session Authentication Page).
The Port Security Page displays security parameters for all ports and LAGs, and
enables their modification.
To configure port security:
STEP 1 Click Security > Port Security. The Port Security Page displays.
This page displays information either for all ports or for all LAGs, depending on
which interface type is selected.
STEP 2 Select an interface to be modified, and click Edit. The Edit Port Security Interface
Settings Page displays.
STEP 3 Enter the parameters.
• Interface—Select the interface name.
• Interface Status—Select to lock the port.
• Learning Mode—Select the type of port locking. To configure this field, the
Interface Status must be unlocked. The Learning Mode field is enabled only
if the Lock Interface field is locked. To change the Learning Mode, the Lock
Interface must be cleared. After the mode is changed, the Lock Interface can
be reinstated. The options are:
- Classic Lock—Locks the port immediately, regardless of the number of
addresses that have already been learned.
To Next Page
Loading...
