| Setting Up Security for a Device |
| Switch Port Security |
Parameter | Description |
Learn Mode | Specifies how the port will acquire its list of authorized addresses. |
| Continuous (the default): Allows the port to learn addresses from inbound |
| traffic from any device(s) to which it is connected. In this state, the port |
| accepts as authorized any device(s) to which it is connected. Addresses |
| learned this way appear in the switch and port address tables and age out |
| according to the Address Age interval in the System Information |
| configuration screen. |
| Static: Enables you to specify how many devices are authorized on the |
| port and to enter the MAC addresses of the authorized devices. If you enter |
| fewer MAC addresses than you authorized, the port learns the remaining |
| addresses from the inbound traffic it receives. (See “Authorized |
| Addresses” at the end of this table.) |
| Note: When you configure Learn Mode to Static, all devices (MAC |
| addresses) in the port's address table are deleted from both the port's |
| address table and the switch's address table and replaced by the |
| authorized devices for this port. |
Address Limit | When Learn Mode is set to Static, specifies how many authorized devices |
| (MAC addresses) to allow. The range is 1 (the default) to 8. |
Eavesdrop Prevention | Specifies whether the port will block outbound traffic addressed to |
| devices unknown to the port, that is, flooded unicast traffic. This is |
| recommended for use on secure ports with known (static) MAC addresses, |
| which makes it unnecessary for these ports to transmit flooded unicast |
| traffic for unknown destinations. |
| Disabled (the default): Allows the port to transmit all outbound traffic it |
| receives, regardless of whether the traffic is addressed to devices that |
| are known to the port. |
| Enabled: Allows the port to transmit only the outbound traffic addressed |
| to devices that are known to the port. Outbound traffic to devices unknown |
| to the port is dropped. Devices known to the port include all devices (MAC |
| addresses) the port has detected and listed in its address table, and any |
| devices configured in the Authorized Addresses table. You can view the |
| port’s address table from the console Status and Counters menu. The |
| Authorized Addresses table appears if the Learn Mode parameter is set |
| to Static. |
| Note: This feature is not recommended for applications in which a port’s |
| Learn Mode is configured to Continuous. |
Action | Specifies whether an SNMP trap is sent to a network management station |
| when Learn Mode is configured to Static and the port detects an |
| unauthorized device. |
| None (the default): Prevents an SNMP trap from being sent. |
| Send Alarm: Causes the switch to send an SNMP trap to a network |
| management station. For information on configuring the switch for SNMP |
| management, see the Management and Configuration Guide you received |
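
The interaction of Learn Mode, Address Limit, Eavesdrop Prevention and Action described in this table, modeled as an added Python example (not code from the switch or its documentation). The class and method names are hypothetical, the MAC addresses are constructed, and the model only reports whether a source is authorized and whether a trap would be sent, because the table does not say how frames from an unauthorized device are handled.

```python
from dataclasses import dataclass, field

@dataclass
class SecurePort:
    """Hypothetical model of one port's security parameters from the table."""
    learn_mode: str = "continuous"      # "continuous" (default) or "static"
    address_limit: int = 1              # static mode only; range 1 (default) to 8
    eavesdrop_prevention: bool = False  # default: disabled
    action: str = "none"                # "none" (default) or "send-alarm"
    authorized: set = field(default_factory=set)  # Authorized Addresses table
    learned: set = field(default_factory=set)     # addresses learned in continuous mode

    def __post_init__(self):
        if not 1 <= self.address_limit <= 8:
            raise ValueError("Address Limit must be 1 to 8")
        if self.learn_mode == "static" and len(self.authorized) > self.address_limit:
            raise ValueError("more authorized addresses than the Address Limit")

    def inbound(self, src_mac):
        """Return (authorized, trap_sent) for a frame arriving from src_mac."""
        if self.learn_mode == "continuous":
            self.learned.add(src_mac)      # any connected device is accepted
            return True, False
        if src_mac in self.authorized:
            return True, False
        if len(self.authorized) < self.address_limit:
            self.authorized.add(src_mac)   # unfilled slots are learned from traffic
            return True, False
        # Assumption: an unauthorized source is not added to the address table.
        return False, self.action == "send-alarm"

    def known(self):
        return self.authorized | self.learned

    def transmits(self, dst_mac):
        """Would the port send out a unicast frame addressed to dst_mac?"""
        return (not self.eavesdrop_prevention) or dst_mac in self.known()

def demo():
    # Constructed addresses: limit of 2 with one address entered by hand.
    port = SecurePort("static", 2, True, "send-alarm", {"00:00:5e:00:53:01"})
    return [port.inbound("00:00:5e:00:53:02"),    # fills the remaining slot
            port.inbound("00:00:5e:00:53:03"),    # over the limit: unauthorized
            port.transmits("00:00:5e:00:53:02"),  # known destination
            port.transmits("00:00:5e:00:53:03")]  # flooded unicast is dropped
```

With the default Action of None, the second `inbound` call would still report the device as unauthorized but no trap would be sent, which is why a static port left at the default gives no notification to the management station.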