Chapter 4 | Configuration Using the |
Security > Port Security
The Port Security screen is used to configure a port’s security settings.
Security > Ports Security
Network security can be increased by limiting access on a specific port only to users with specific MAC addresses. MAC addresses can be dynamically learned or statically configured.
Locked port security monitors both received and learned packets that are received on specific ports. Access to the locked port is limited to users with specific MAC addresses. These addresses are either manually defined on the port, or learned on that port up to the point when it is locked. When a packet is received on a locked port, and the packet’s source MAC address is not tied to that port (either it was learned on a different port, or it is unknown to the system), the protection mechanism is invoked, and can provide various options. Unauthorized packets arriving at a locked port are either:
•Forwarded
•Discarded
•Cause the port to be shut down
Locked port security also enables storing a list of MAC addresses in the configuration file. The MAC address list can be restored after the device has been reset.
Disabled ports can be reactivated from the Port Settings screen of the Port Management tab.
Interface Select Port or LAG, then select the desired interface from the appropriate
Lock Interface Select this option to lock the interface. The default is not selected (interface not locked).
Learning Mode Defines the locked port type. This field is enabled only if Lock Interface is not selected. The possible values are:
•Classic Lock Locks the port using the classic lock mechanism. The port is immediately locked, regardless of how many addresses have already been learned.
•Limited Dynamic Lock Locks the port by deleting the current dynamic MAC addresses associated with the port. The port learns up to the maximum number of addresses allowed on the port. Both relearning and aging MAC addresses are enabled.
In order to change the Learning Mode, the Lock Interface must be unselected. Once the Learning Mode is changed, the Lock Interface can be reinstated.
Max Entries Specifies the number of MAC addresses that can be learned on the port. This field is enabled only if Learning Mode is set to Limited Dynamic Lock. The default value is 1.
Action on Violation Indicates the action to be applied to packets arriving on a locked port. The possible values are:
•Discard Discards packets from any unlearned source. This is the default value.
•Forward Forwards packets from an unknown source without learning the MAC address.
•Shutdown Discards packets from any unlearned source and shuts down the port. The port remains shut down until reactivated, or until the device is reset.
Update If you click this button, your changes are saved and appear immediately in the table at the bottom of the Port Security screen.
The lower portion of the Port Security screen displays a summary of the settings in the upper portion of the screen. The settings are displayed for each of the ports on the Switch.
Click Save Settings to apply the changes, or Cancel Changes to cancel the changes.
Business Series Smart Gigabit Ethernet Switch | 22 |