Chapter 5

Advanced Configuration

to that port (either it was learned on a different port, or it is unknown to the system), the protection mechanism is invoked, and can provide various options. Unauthorized packets arriving at a locked port are either:

•• Forwarded

•• Discarded with no trap

•• Discarded with a trap

•• Cause the port to be shut down.

Locked port security also enables storing a list of MAC addresses in the configuration file. The MAC address list can be restored after the device has been reset.

Disabled ports are activated from the Port Security page. Interface  Displays the port or LAG name.

Lock Interface  Selecting this option locks the specified interface.

Learning Mode  Defines the locked port type. The Learning Mode field is enabled only if Locked is selected in the Interface Status field.The possible field values are:

•• Classic Lock  Locks the port using the classic lock mechanism. The port is immediately locked, regardless of the number of addresses that have already been learned.

•• Limited Dynamic Lock  Locks the port by deleting the current dynamic MAC addresses associated with the port. The port learns up to the maximum addresses allowed on the port. Both relearning and aging MAC addresses are enabled.

In order to change the Learning Mode, the Lock Interface must be set to Unlocked. Once the mode is changed, the Lock Interface can be reinstated.

Max Entries  Specifies the number of MAC addresses that can be learned on the port. The Max Entries field is enabled only if Locked is selected in the Interface Status field. In addition, the Limited Dynamic Lock mode is selected. The default is 1.

Action on Violation  Indicates the action to be applied to packets arriving on a locked port. The possible field values are:

•• Discard  Discards packets from any unlearned source. This is the default value.

•• Forward Normal  Forwards packets from an unknown source without learning the MAC address.

•• Discard Disable  Discards packets from any unlearned source and shuts down the port. The port remains shut down until reactivated, or until the device is reset.

Enable Trap  Enables traps when a packet is received on a locked port.

Trap Frequency  The amount of time (in seconds) between traps. The default value is 10 seconds.

Security > Multiple Hosts

The Multiple Hosts screen allows network managers to configure advanced port-based authentication settings for specific ports and VLANs.

Security > HTTPS Settings

Port  Displays the port number for which advanced port- based authentication is enabled.

Enable Multiple Hosts  When checked, indicates that multiple hosts are enabled. Multiple hosts must be enabled in order to either disable the ingress-filter, or to use port-lock security on the selected port.

Action on Violation  Defines the action to be applied to packets arriving in single-host mode, from a host whose MAC address is not the supplicant MAC address. The possible field values are:

•• Discard  Discards the packets. This is the default value.

•• Forward  Forwards the packet.

•• Discard Disable  Discards the packets and shuts down the port. The ports remains shut down until reactivated, or until the device is reset.

Enable Traps  When checked, indicates that traps are enabled for Multiple Hosts.

Trap Frequency  Defines the time period by which traps are sent to the host. The Trap Frequency (1-1000000) field can be defined only if multiple hosts are disabled. The default is 10 seconds.

Status  Indicates the host status. If there is an asterisk (*), the port is either not linked or is down.

8-Port 10/100 Ethernet Switch with Webview

36

Page 42
Image 42
Linksys SRW208L, SRW208MP, SRW208G, SRW208P manual Security Multiple Hosts