Security > Multiple Hosts - Cisco SRW2016 User Manual

Chapter 5
Learning Mode Defines the locked port type. The
Learning Mode field is enabled only if Locked is selected
in the Interface Status field. The possible field values are:
Classic Lock Locks the port using the classic lock
•
mechanism. The port is immediately locked, regardless
of the number of addresses that have already been
learned.
Limited Dynamic Lock
•
the current dynamic MAC addresses associated with
the port. The port learns up to the maximum addresses
allowed on the port. Both relearning and aging MAC
addresses are enabled.
In order to change the Learning Mode, the Lock Interface
must be set to Unlocked. Once the mode is changed, the
Lock Interface can be reinstated.
Max Entries Specifies the number of MAC addresses that
can be learned on the port. The Max Entries field is enabled
only if Locked is selected in the Interface Status field. In
addition, the Limited Dynamic Lock mode is selected. The
default is 1.
Action on Violation
Indicates the action to be applied to
packets arriving on a locked port. The possible field values
are:
• Discard Discards packets from any unlearned source.
This is the default value.
Forward Normal
• Forwards packets from an unknown
source without learning the MAC address.
Discard Disable Discards packets from any unlearned
•
source and shuts down the port. The port remains shut
down until reactivated, or until the device is reset.
Enable Trap Enables traps when a packet is received on
a locked port.
Trap Frequency The amount of time (in seconds)
between traps. The default value is 10 seconds.
WebView Switches
Locks the port by deleting
Advanced Configuration
Security > Multiple Hosts
The Multiple Hosts screen allows network managers to
configure advanced port-based authentication settings
for specific ports and VLANs.
Security > Multiple Hosts
Port Displays the port number for which advanced port-
based authentication is enabled.
Enable Multiple Hosts When checked, indicates that
multiple hosts are enabled. Multiple hosts must be
enabled in order to either disable the ingress-filter, or to
use port-lock security on the selected port.
Action on Violation
Defines the action to be applied to
packets arriving in single-host mode, from a host whose
MAC address is not the supplicant MAC address. The
possible field values are:
Discard
• Discards the packets. This is the default
value.
Forward Forwards the packet.
•
Discard Disable Discards the packets and shuts
•
down the port. The ports remains shut down until
reactivated, or until the device is reset.
Enable Traps
When checked, indicates that traps are
enabled for Multiple Hosts.
Trap Frequency Defines the time period by which traps
are sent to the host. The Trap Frequency (1–1,000,000)
field can be defined only if multiple hosts are disabled.
The default is 10 seconds.
The table contains the following additional fields:
Status Indicates the host status. If there is an asterisk (*),
the port is either not linked or is down. The possible field
values are:
Number of Violations Indicates the number of packets
that arrived on the interface in single-host mode, from
a host whose MAC address is not the supplicant MAC
address.
39