Table of Contents
Advertisement
Security
Port Security
Cisco Small Business SG200 Series 8-port Smart Switches Administration Guide
•
Interface Status—Select Lock to enable port security on the interface.
When an interface transitions from unlocked to locked, all addresses that had
been dynamically learned by the switch on that port are removed from its
MAC address list.
•
Max No. of Static MAC Addresses—Specify the maximum number of static
secure MAC addresses at the port/LAG. Static secure MAC address are
configured on the Static Addresses page. The total number of secure
addresses cannot exceed 256.
•
Max No. of Dynamic MAC Addresses—Specify the maximum number of
dynamic secure MAC addresses that can be learned from the port/LAG. The
total number of secure addresses cannot exceed 256.
When port-security is enabled on a port, and static or dynamic limits are set
to new values, then the following rules apply:
-
If the new value is greater than the old value, no action is taken for either
the dynamic or static addresses.
-
If the new value is less than the old value, the following actions are taken:
Dynamic Addresses—The switch initiates a flush of all learned
addresses on the port.
Static Addresses—The switch retains the static addresses (up to the
static limit) regardless of whether the addresses are configured as
secure, permanent, or delete on timeout. It then deletes the remaining
static addresses from the MAC address table.
•
Action on Violation—Select how the switch handles incoming packets that
are not allowed on the locked port:
-
Discard—Packets are dropped.
-
Forward—Packets are forwarded, but the source MAC addresses are
not added to the forwarding database.
-
Shutdown—Packets are discarded and the port is shut down.
•
Convert dynamic addresses to static—Select Enable to convert all
dynamic secure MAC addresses to static secure MAC addresses.
•
Reset Port—Select to reset the port if it has been shut down by the Port
Security feature.
11
144
Advertisement
Table of Contents
