Cisco 220 Series Smart Plus Administration Manual page 201

Hide thumbs Also See for 220 Series Smart Plus:

Reference manual (582 pages)

Table Of Contents

100

101

102

103

104

105

106

107

108

109

110

111

112

113

114

115

116

117

118

119

120

121

122

123

124

125

126

127

128

129

130

131

132

133

134

135

136

137

138

139

140

141

142

143

144

145

146

147

148

149

150

151

152

153

154

155

156

157

158

159

160

161

162

163

164

165

166

167

168

169

170

171

172

173

174

175

176

177

178

179

180

181

182

183

184

185

186

187

188

189

190

191

192

193

194

195

196

197

198

199

200

201

202

203

204

205

206

207

208

209

210

211

212

213

214

215

216

217

218

219

220

221

222

223

224

225

226

227

228

229

230

231

232

233

234

235

236

237

238

239

240

241

242

243

244

245

246

247

248

249

250

251

252

253

254

255

256

257

258

259

260

261

262

263

264

265

266

267

268

269

270

271

272

273

274

275

276

277

278

279

280

281

282

283

284

285

286

287

page of 287

/ 287
Contents
Table of Contents
Bookmarks

Table of Contents

Configuring Security

Configuring Port Security

STEP 1

STEP 2

STEP 3

Cisco 220 Series Smart Plus Switches Administration Guide Release 1.0.0.x

When a frame from a new MAC address is detected on a port where it is not

authorized (the port is classically locked, and there is a new MAC address learned

on another classically locked port, or the port is dynamically locked, and the

maximum number of allowed addresses has been exceeded), the protection

mechanism is invoked, and one of the following actions can take place:

•

Frame is discarded.

•

Frame is forwarded.

•

Frame is discarded and a SYSLOG message is generated.

•

Port is shut down.

When the secure MAC address is seen on another port, the frame is dealed with

the specified violation action, and the MAC address is not learned on that port.

Use the Port Security page to configure the security parameters for all ports and

LAGs, and to enable their modification.

To configure port security:

Click Security > Port Security.

Select an interface to be modified, and click Edit.

Enter the following information:

•

Interface—Select a port or a LAG to which the security settings apply.

•

Interface Status—Check Lock to lock the port or LAG.

•

Learning Mode—Select the type of port locking. This field is enabled only

if the Interface Status field is locked. To change the Learning Mode, the lock

interface must be cleared. After the mode is changed, the lock interface can

be reinstated. The options are:

Classic Lock

addresses that have already been learned exceeds the Max No. of

Addresses Allowed, all learned addresses will be cleared.

Limited Dynamic Lock

dynamic MAC addresses associated with the interface. The interface

learns up to the maximum addresses allowed on the interface. Both re-

learning and aging of MAC addresses are enabled.

•

Max No. of Addresses Allowed—Enter the maximum number of MAC

addresses that can be learned on the interface if Limited Dynamic Lock

learning mode is selected. The range is 1 to 256 and the default is 1.

—Locks the interface immediately. But if the number of

—Locks the interface by deleting the current

199

Table of Contents

Cisco 220 Series Smart Plus Administration Manual page 201

Related Manuals for Cisco 220 Series Smart Plus

Related Products for Cisco 220 Series Smart Plus

Table of Contents