Setting Up Security for a Device

 

Switch Port Security

 

 

Parameter

Description

 

 

Learn Mode

Specifies how the port will acquire its list of authorized addresses.

 

Continuous (the default): Allows the port to learn addresses from inbound

 

traffic from any device(s) to which it is connected. In this state, the port

 

accepts as authorized any device(s) to which it is connected. Addresses

 

learned this way appear in the switch and port address tables and age out

 

according to the Address Age interval in the System Information

 

configuration screen.

 

Static: Enables you to specify how many devices are authorized on the

 

port and to enter the MAC addresses of the authorized devices. If you enter

 

fewer MAC addresses than you authorized, the port learns the remaining

 

addresses from the inbound traffic it receives. (See “Authorized

 

Addresses” at the end of this table).

 

Note: When you configure Learn Mode to Static, all devices (MAC

 

addresses) in the port's address table are deleted from both the port's

 

address table and the switch's address table and replaced by the

 

authorized devices for this port.

Address Limit

When Learn Mode is set to Static, specifies how man authorized devices

 

(MAC addresses) to allow. The range is 1 (the default) to 8.

Eavesdrop Prevention

Specifies whether the port will block outbound traffic addressed to

 

devices unknown to the port, that is, flooded unicast traffic. This is

 

recommended for use on secure port with known (static) MAC addresses,

 

which makes it unnecessary for these ports to transmit flooded unicast

 

traffic for unknown destinations.

 

Disabled: (the default): Allow the port to transmit all outbound traffic it

 

receives, regardless of whether the traffic is addressed to devices that

 

are known to the port.

 

Enabled: Allows the port to transmit only the outbound traffic addressed

 

to devices that are known to the port. Outbound traffic to devices unknown

 

to the port is dropped. Devices known to the port include all devices (MAC

 

addresses) the port has detected and listed in its address table, and any

 

devices configured in the Authorized Addresses table. You can view the

 

port’s address table from the console Status and Counters menu. The

 

Authorized Addresses table appears if the Learn Mode parameter is set

 

to Static.

 

Note: This feature is not recommended for applications in which a port’s

 

Learn Mode is configured to Continuous.

Action

Specifies whether an SNMP trap is sent to a network management station

 

when Learn Mode is configured to Static and the port detects an

 

unauthorized device.

 

None (the default): Prevents an SNMP trap from being sent.

 

Send Alarm: Causes the switch to send an SNMP trap to a network

 

management station. For information on configuring the switch for SNMP

 

management, see the Management and Configuration Guide you received

14-13