CHAPTER 13 | Security Measures
Configuring Port Security

◆ When the port security state is changed from enabled to disabled, all dynamically learned entries are cleared from the address table.
◆ If port security is enabled, and the maximum number of allowed addresses is set to a non-zero value, any device not in the address table that attempts to use the port will be prevented from accessing the switch.
◆ If a port is disabled (shut down) due to a security violation, it must be manually re-enabled from the Interface > Port > General page (page 156).
◆ A secure port has the following restrictions:
  ■ It cannot be used as a member of a static or dynamic trunk.
  ■ It should not be connected to a network interconnection device.
  ■ RSPAN and port security are mutually exclusive functions. If port security is enabled on a port, that port cannot be set as an RSPAN uplink port, source port, or destination port. Also, when a port is configured as an RSPAN uplink port, source port, or destination port, port security cannot be enabled on that port.

PARAMETERS
These parameters are displayed:
◆ Port – Port identifier.
◆ Security Status – Enables or disables port security on the port. (Default: Disabled)
◆ Port Status – The operational status:
  ■ Secure/Down – Port security is disabled.
  ■ Secure/Up – Port security is enabled.
  ■ Shutdown – Port is shut down due to a response to a port security violation.
◆ Action – Indicates the action to be taken when a port security violation is detected:
  ■ None: No action should be taken. (This is the default.)
  ■ Trap: Send an SNMP trap message.
  ■ Shutdown: Disable the port.
  ■ Trap and Shutdown: Send an SNMP trap message and disable the port.
◆ Max MAC Count – The maximum number of MAC addresses that can be learned on a port. (Range: 0 - 1024, where 0 means disabled)
  The maximum address count is effective when port security is enabled or disabled.
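
The restrictions and parameter ranges above can be checked mechanically against a port inventory. The following Python code is an added example, not part of the switch documentation or firmware; the Port field names and the sample inventory are assumptions constructed for illustration.

```python
from dataclasses import dataclass

ACTIONS = ("None", "Trap", "Shutdown", "Trap and Shutdown")

@dataclass
class Port:
    # Field names are hypothetical; values mirror the parameters listed above.
    name: str
    security: bool = False       # Security Status (Default: Disabled)
    action: str = "None"         # Action on violation (default: None)
    max_mac: int = 0             # Max MAC Count, 0 means disabled
    status: str = "Secure/Down"  # Port Status
    trunk_member: bool = False   # member of a static or dynamic trunk
    rspan_role: str = ""         # "uplink", "source", "destination" or ""

def audit(port):
    """Return the list of findings for one port."""
    findings = []
    if not 0 <= port.max_mac <= 1024:
        findings.append("Max MAC Count outside range 0-1024")
    if port.action not in ACTIONS:
        findings.append("unknown Action value")
    if port.status == "Shutdown":
        findings.append("shut down after violation; manual re-enable required")
    if not port.security:
        return findings  # the remaining checks apply to secure ports only
    if port.trunk_member:
        findings.append("secure port is a trunk member")
    if port.rspan_role:
        findings.append("port security conflicts with RSPAN " + port.rspan_role + " port")
    if port.max_mac == 0:
        findings.append("Max MAC Count is 0 (disabled)")
    if port.action == "None":
        findings.append("violations trigger no trap and no shutdown")
    return findings

# Constructed inventory for illustration only.
SAMPLE = [
    Port("1", True, "Trap and Shutdown", 2, "Secure/Up"),
    Port("2", True, "None", 0, "Secure/Up", trunk_member=True),
    Port("3", True, "Shutdown", 4, "Shutdown", rspan_role="source"),
    Port("4", False, "None", 2000),
]

def audit_all(ports):
    """Map each port name to its findings; an empty list means no issue."""
    return {p.name: audit(p) for p in ports}

if __name__ == "__main__":
    for name, findings in audit_all(SAMPLE).items():
        print(name, findings or "ok")
```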