Chapter 12
| Security Measures
Configuring Port Security
◆
When the port security state is changed from enabled to disabled, all
dynamically learned entries are cleared from the address table.
◆
If port security is enabled, and the maximum number of allowed addresses are
set to a non-zero value, any device not in the address table that attempts to use
the port will be prevented from accessing the switch.
◆
If a port is disabled (shut down) due to a security violation, it must be manually
re-enabled from the Interface > Port > General page
◆
A secure port has the following restrictions:
It cannot be used as a member of a static or dynamic trunk.
■
It should not be connected to a network interconnection device.
■
RSPAN and port security are mutually exclusive functions. If port security is
■
enabled on a port, that port cannot be set as an RSPAN uplink port. Also,
when a port is configured as an RSPAN uplink port, source port, or
destination port, port security cannot be enabled on that port.
Parameters
These parameters are displayed:
◆
Port – Port identifier. (Range: 1-10/28)
◆
Security Status – Enables or disables port security on a port.
(Default: Disabled)
◆
Port Status – The operational status:
■
Secure/Down – Port security is disabled.
■
Secure/Up – Port security is enabled.
Shutdown – Port is shut down due to a response to a port security violation.
■
◆
Action – Indicates the action to be taken when a port security violation is
detected:
None: No action should be taken. (This is the default.)
■
Trap: Send an SNMP trap message.
■
Shutdown: Disable the port.
■
Trap and Shutdown: Send an SNMP trap message and disable the port.
■
◆
Max MAC Count – The maximum number of MAC addresses that can be
learned on a port. (Range: 0 - 1024, where 0 means disabled)
The maximum address count is effective when port security is enabled or
disabled.
– 290 –
(page
95).