Chapter 12 | Security Measures
Configuring Port Security
◆ When the port security state is changed from enabled to disabled, all dynamically learned entries are cleared from the address table.
◆ If port security is enabled, and the maximum number of allowed addresses is set to a non-zero value, any device not in the address table that attempts to use the port will be prevented from accessing the switch.
◆ If a port is disabled (shut down) due to a security violation, it must be manually re-enabled from the Interface > Port > General page (page 95).
◆ A secure port has the following restrictions:
  ■ It cannot be used as a member of a static or dynamic trunk.
  ■ It should not be connected to a network interconnection device.

Parameters
These parameters are displayed:
◆ Port – Port identifier.
◆ Security Status – Enables or disables port security on a port. (Default: Disabled)
◆ Port Status – The operational status:
  ■ Secure/Down – Port security is disabled.
  ■ Secure/Up – Port security is enabled.
  ■ Shutdown – Port is shut down due to a response to a port security violation.
◆ Action – Indicates the action to be taken when a port security violation is detected:
  ■ None: No action should be taken. (This is the default.)
  ■ Trap: Send an SNMP trap message.
  ■ Shutdown: Disable the port.
  ■ Trap and Shutdown: Send an SNMP trap message and disable the port.
◆ Max MAC Count – The maximum number of MAC addresses that can be learned on a port. (Range: 0 - 256, where 0 means disabled)
  The maximum address count is effective when port security is enabled or disabled.
◆ Current MAC Count – The number of MAC addresses currently associated with this interface.
◆ MAC Filter – Shows if MAC address filtering has been set under Security > Network Access (Configure MAC Filter) as described on page 276.
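
The following audit script is an added example, not part of the switch documentation. It checks per-port settings against the rules and parameter values described above. The CSV layout, column names and sample rows are constructed assumptions; the switch is not claimed to export this format.

```python
import csv
import io

# Constructed sample: one row per port, columns named after the parameters on
# this page. The CSV layout is an assumption, not a format the switch exports.
SAMPLE = """port,security_status,port_status,action,max_mac_count,current_mac_count
1,Enabled,Secure/Up,Trap and Shutdown,2,1
2,Enabled,Secure/Up,None,4,4
3,Enabled,Secure/Up,Trap,0,0
4,Enabled,Shutdown,Shutdown,1,1
5,Disabled,Secure/Down,None,0,3
"""

def audit_row(row):
    """Return findings for one port, using only rules stated on this page."""
    findings = []
    max_count = int(row["max_mac_count"])
    current = int(row["current_mac_count"])
    if not 0 <= max_count <= 256:
        findings.append("Max MAC Count outside documented range 0-256")
    if row["security_status"] != "Enabled":
        findings.append("port security disabled")
        return findings
    if max_count == 0:
        # Blocking of unknown devices is documented only for a non-zero limit.
        findings.append("Max MAC Count is 0 (disabled): blocking needs a non-zero value")
    elif current >= max_count:
        findings.append("learned addresses at Max MAC Count: no further address can be learned")
    if row["action"] == "None":
        findings.append("Action is None: a violation sends no trap and does not disable the port")
    if row["port_status"] == "Shutdown":
        findings.append("port shut down by a violation: manual re-enable required")
    return findings

def audit(text):
    """Map port number -> list of findings for every row in the CSV text."""
    return {int(r["port"]): audit_row(r) for r in csv.DictReader(io.StringIO(text))}

if __name__ == "__main__":
    for port, findings in audit(SAMPLE).items():
        print(port, "; ".join(findings) or "ok")
```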