3-‐5.2.1.2
P ort
This
s ection
s hows
t he
M AC
a ddresses
s ecured
b y
t he
P ort
S ecurity
m odule.
P ort
S ecurity
i s
a
m odule
with
no
direct
configuration.
Configuration
comes
indirectly
from
other
modules—the
user
modules.
When
a
user
module
has
enabled
port
security
on
a
port,
the
port
is
set
up
for
software-‐based
learning.
In
this
mode,
frames
from
unknown
MAC
addresses
are
passed
on
to
the
port
security
module,
which
in
turn
asks
all
user
modules
whether
to
allow
this
new
MAC
address
to
forward
or
block
it.
For
a
MAC
address
to
be
set
in
the
forwarding
state,
all
enabled
user
modules
must
unanimously
agree
on
allowing
the
MAC
address
to
forward.
If
only
one
chooses
to
block
it,
it
will
be
blocked
u ntil
t hat
u ser
m odule
d ecides
o therwise.
Web
I nterface
To
c onfigure
a
P ort
S ecurity
S witch
S tatus
C onfiguration
i n
t he
w eb
i nterface:
1.
Click
S ecurity,
N etwork,
P ort
S ecurity,
a nd
t hen
P ort.
2.
Specify
t he
P ort
t hat
y ou
w ant
t o
m onitor.
3.
Check
" Auto-‐refresh".
4.
Click
" Refresh"
t o
r efresh
t he
p ort
d etailed
s tatistics.
Figure
3 -‐5.2.1.2:
The
P ort
S ecurity
P ort
S tatus
Parameter
d escription:
MAC
A ddress
&
V LAN
I D:
The
MAC
address
and
VLAN
ID
for
this
port.
If
no
MAC
addresses
are
learned,
a
single
row
stating
"No
M AC
a ddresses
a ttached"
i s
d isplayed.
State:
Indicates
w hether
t he
c orresponding
M AC
a ddress
i s
b locked
o r
f orwarding.
I n
t he
b locked
s tate,
i t
will
n ot
b e
a llowed
t o
t ransmit
o r
r eceive
t raffic.
Time
o f
A ddition:
Shows
t he
d ate
a nd
t ime
w hen
t his
M AC
a ddress
w as
f irst
s een
o n
t he
p ort.
Age/Hold:
If
at
least
one
user
module
has
decided
to
block
this
MAC
address,
it
will
stay
in
the
blocked
state
until
the
hold
time
(measured
in
seconds)
expires.
If
all
user
modules
have
decided
to
allow
this
MAC
a ddress
t o
f orward,
a nd
a ging
i s
e nabled,
t he
P ort
S ecurity
m odule
w ill
p eriodically
c heck
t hat
this
MAC
address
still
forwards
traffic.
If
the
age
period
(measured
in
seconds)
expires
and
no
frames
are
seen,
the
MAC
address
will
be
removed
from
the
MAC
table.
Otherwise,
a
new
aging
period
w ill
b egin.
If
aging
is
disabled
or
a
user
module
has
decided
to
hold
the
MAC
address
indefinitely,
a
dash
(-‐)
will
b e
s hown.
Buttons
234
Publication date: Sept, 2015
Revision A1