Security
Configuring Port Security
Cisco Small Business 200 Series Smart Switch Administration Guide 261
• Limited Dynamic Lock—The device learns MAC addresses up to the configured limit of allowed
addresses. After the limit is reached, the device does not learn additional addresses. In this mode,
the addresses are subject to aging and re-learning.
• Secure Permanent—Keeps the current dynamic MAC addresses associated with the port and
learns up to the maximum number of addresses allowed on the port (set by Max No. of Addresses
Allowed). Relearning and aging are disabled.
• Secure Delete on Reset—Deletes the current dynamic MAC addresses associated with the port
after reset. New MAC addresses can be learned as Delete-On-Reset ones up to the maximum
addresses allowed on the port. Relearning and aging are disabled.
When a frame from a new MAC address is detected on a port where it is not authorized (the port is
classically locked, and there is a new MAC address, or the port is dynamically locked, and the maximum
number of allowed addresses has been exceeded), the protection mechanism is invoked, and one of the
following actions can take place:
• Frame is discarded
• Frame is forwarded
• Port is shut down
When the secure MAC address is seen on another port, the frame is forwarded, but the MAC address is not
learned on that port.
In addition to one of these actions, you can also generate traps, and limit their frequency and number to
avoid overloading the devices.
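The violation handling described above, as a small Python model. This is an added example, not Cisco code; the names LockedPort, replay and trap_interval and the sample MAC addresses are assumptions made for illustration, and address aging is not modelled.

```python
from dataclasses import dataclass, field

@dataclass
class LockedPort:
    """Toy model of one port in Limited Dynamic Lock mode; aging is not modelled."""
    max_addresses: int                 # "Max No. of Addresses Allowed"
    action: str = "discard"            # "discard" | "forward" | "shutdown"
    trap_interval: float = 10.0        # assumed: minimum seconds between traps
    learned: set = field(default_factory=set)
    up: bool = True
    traps: list = field(default_factory=list)

    def receive(self, mac, now, secure_elsewhere=frozenset()):
        """Return the outcome for a frame with source address `mac` at time `now`."""
        if not self.up:
            return "dropped: port down"
        if mac in self.learned:
            return "forwarded"
        if mac in secure_elsewhere:
            # Secure address of another port: forward it, but do not learn it here.
            return "forwarded, not learned"
        if len(self.learned) < self.max_addresses:
            self.learned.add(mac)
            return "forwarded, learned"
        # Limit reached and the address is new: the protection mechanism runs.
        if not self.traps or now - self.traps[-1][0] >= self.trap_interval:
            self.traps.append((now, mac))   # trap, limited in frequency
        if self.action == "shutdown":
            self.up = False
            return "violation: port shut down"
        return "violation: frame " + ("forwarded" if self.action == "forward" else "discarded")


def replay(port, frames, secure_elsewhere=frozenset()):
    """Feed (time, source MAC) pairs to the port and collect the outcomes."""
    return [port.receive(mac, t, secure_elsewhere) for t, mac in frames]


# Constructed sample traffic: two known hosts, then two unknown sources.
FRAMES = [(0, "00:00:5e:00:53:01"), (1, "00:00:5e:00:53:02"),
          (2, "00:00:5e:00:53:aa"), (3, "00:00:5e:00:53:bb"),
          (15, "00:00:5e:00:53:aa"), (16, "00:00:5e:00:53:01")]

if __name__ == "__main__":
    for act in ("discard", "forward", "shutdown"):
        port = LockedPort(max_addresses=2, action=act)
        print(act, replay(port, FRAMES), "traps:", len(port.traps))
```

With the shutdown action, the already-learned host at time 16 also loses connectivity, which is the trade-off to weigh against the discard action when choosing a response.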
NOTE To use 802.1X on a port, it must be in multiple host or multi session modes. Port
security on a port cannot be set if the port is in single mode (see the 802.1x, Host
and Session Authentication page).
To configure port security:
STEP 1 Click Security > Port Security.
STEP 2 Select an interface to be modified, and click Edit.
STEP 3 Enter the parameters.
• Interface—Select the interface name.
• Interface Status—Select to lock the port.
• Learning Mode—Select the type of port locking. To configure this field, the Interface Status must be
unlocked. The Learning Mode field is enabled only if the Interface Status field is locked. To change the
Learning Mode, the Lock Interface must be cleared. After the mode is changed, the Lock Interface can
be reinstated. The options are: