Chapter 5 | Advanced Configuration |
to that port (either it was learned on a different port, or it is unknown to the system), the protection mechanism is invoked, and can provide various options. Unauthorized packets arriving at a locked port are either:
•• Forwarded
•• Discarded with no trap
•• Discarded with a trap
•• Cause the port to be shut down.
Locked port security also enables storing a list of MAC addresses in the configuration file. The MAC address list can be restored after the device has been reset.
Disabled ports are activated from the Port Security page. Interface Displays the port or LAG name.
Lock Interface Selecting this option locks the specified interface.
Learning Mode Defines the locked port type. The Learning Mode field is enabled only if Locked is selected in the Interface Status field.The possible field values are:
•• Classic Lock Locks the port using the classic lock mechanism. The port is immediately locked, regardless of the number of addresses that have already been learned.
•• Limited Dynamic Lock Locks the port by deleting the current dynamic MAC addresses associated with the port. The port learns up to the maximum addresses allowed on the port. Both relearning and aging MAC addresses are enabled.
In order to change the Learning Mode, the Lock Interface must be set to Unlocked. Once the mode is changed, the Lock Interface can be reinstated.
Max Entries Specifies the number of MAC addresses that can be learned on the port. The Max Entries field is enabled only if Locked is selected in the Interface Status field. In addition, the Limited Dynamic Lock mode is selected. The default is 1.
Action on Violation Indicates the action to be applied to packets arriving on a locked port. The possible field values are:
•• Discard Discards packets from any unlearned source. This is the default value.
•• Forward Normal Forwards packets from an unknown source without learning the MAC address.
•• Discard Disable Discards packets from any unlearned source and shuts down the port. The port remains shut down until reactivated, or until the device is reset.
Enable Trap Enables traps when a packet is received on a locked port.
Trap Frequency The amount of time (in seconds) between traps. The default value is 10 seconds.
Security > Multiple Hosts
The Multiple Hosts screen allows network managers to configure advanced
Security > HTTPS Settings
Port Displays the port number for which advanced port- based authentication is enabled.
Enable Multiple Hosts When checked, indicates that multiple hosts are enabled. Multiple hosts must be enabled in order to either disable the
Action on Violation Defines the action to be applied to packets arriving in
•• Discard Discards the packets. This is the default value.
•• Forward Forwards the packet.
•• Discard Disable Discards the packets and shuts down the port. The ports remains shut down until reactivated, or until the device is reset.
Enable Traps When checked, indicates that traps are enabled for Multiple Hosts.
Trap Frequency Defines the time period by which traps are sent to the host. The Trap Frequency
Status Indicates the host status. If there is an asterisk (*), the port is either not linked or is down.
36 |
