Configuring and Monitoring Port Security

Port Security

Planning Port Security

1.Plan your port security configuration and monitoring according to the following:

a.On which ports do you want port security?

b.Which devices (MAC addresses) are authorized on each port?

c.For each port, what security actions do you want? (The switch automatically blocks intruders detected on that port from transmit- ting to the network.) You can configure the switch to (1) send intrusion alarms to an SNMP management station and to (2) option- ally disable the port on which the intrusion was detected.

d.How do you want to learn of the security violation attempts the switch detects? You can use one or more of these methods:

Through network management (That is, do you want an SNMP trap sent to a net management station when a port detects a security violation attempt?)

Through the switch’s Intrusion Log, available through the CLI, menu, and web browser interface

Through the Event Log (in the menu interface or through the CLI show log command)

2.Use the CLI or web browser interface to configure port security operating and address controls. The following table describes the parameters.

11-7