C
HAPTER
13
| Security Measures
Configuring Port Security
– 382 –
◆ When the port security state is changed from enabled to disabled, all
dynamically learned entries are cleared from the address table.
◆ If port security is enabled, and the maximum number of allowed
addresses are set to a non-zero value, any device not in the address
table that attempts to use the port will be prevented from accessing the
switch.
◆ If a port is disabled (shut down) due to a security violation, it must be
manually re-enabled from the Interface > Port > General page
(page 152).
◆ A secure port has the following restrictions:
■
It cannot be used as a member of a static or dynamic trunk.
■
It should not be connected to a network interconnection device.
■
RSPAN and port security are mutually exclusive functions. If port
security is enabled on a port, that port cannot be set as an RSPAN
uplink port, source port, or destination port. Also, when a port is
configured as an RSPAN uplink port, source port, or destination
port, port security cannot be enabled on that port.
PARAMETERS
These parameters are displayed:
◆ Port – Port identifier.
◆ Security Status – Enables or disables port security on an interface.
(Default: Disabled)
◆ Port Status – The operational status:
■
Secure/Down – Port security is disabled.
■
Secure/Up – Port security is enabled.
■
Shutdown – Port is shut down due to a response to a port security
violation.
◆ Action – Indicates the action to be taken when a port security violation
is detected:
■
None: No action should be taken. (This is the default.)
■
Trap: Send an SNMP trap message.
■
Shutdown: Disable the port.
■
Trap and Shutdown: Send an SNMP trap message and disable the
port.
◆ Max MAC Count – The maximum number of MAC addresses that can
be learned on a port. (Range: 0 - 1024, where 0 means disabled)
To Next Page
Loading...
