Chapter 4
Configuration Using the Web-based Utility
Business Series Smart Gigabit Ethernet Switch
Security > Port Security
The Port Security screen is used to configure a port’s security settings.
Security > Ports Security
Network security can be increased by limiting access on
a specific port only to users with specific MAC addresses.
MAC addresses can be dynamically learned or statically
configured.
Locked port security monitors both received and learned
packets that are received on specific ports. Access to the
locked port is limited to users with specific MAC addresses.
These addresses are either manually defined on the port,
or learned on that port up to the point when it is locked.
When a packet is received on a locked port, and the
packet’s source MAC address is not tied to that port (either
it was learned on a different port, or it is unknown to the
system), the protection mechanism is invoked, and can
provide various options. Unauthorized packets arriving at
a locked port either:
• Are forwarded
• Are discarded
• Cause the port to be shut down
Locked port security also enables storing a list of MAC
addresses in the configuration file. The MAC address list
can be restored after the device has been reset.
Disabled ports can be reactivated from the Port Settings screen of the Port Management tab.
Interface
Select Port or LAG, then select the desired interface from the appropriate drop-down menu.
Lock Interface
Select this option to lock the interface. The default is not selected (interface not locked).
Learning Mode
Defines the locked port type. This field is enabled only if Lock Interface is not selected. The possible values are:
• Classic Lock: Locks the port using the classic lock mechanism. The port is immediately locked, regardless of how many addresses have already been learned.
• Limited Dynamic Lock: Locks the port by deleting the current dynamic MAC addresses associated with the port. The port learns up to the maximum number of addresses allowed on the port. Both relearning and aging MAC addresses are enabled.
In order to change the Learning Mode, the Lock Interface must be unselected. Once the Learning Mode is changed, the Lock Interface can be reinstated.
Max Entries
Specifies the number of MAC addresses that can be learned on the port. This field is enabled only if Learning Mode is set to Limited Dynamic Lock. The default value is .
Action on Violation
Indicates the action to be applied to packets arriving on a locked port. The possible values are:
• Discard: Discards packets from any unlearned source. This is the default value.
• Forward: Forwards packets from an unknown source without learning the MAC address.
• Shutdown: Discards packets from any unlearned source and shuts down the port. The port remains shut down until reactivated, or until the device is reset.
Update
If you click this button, your changes are saved and appear immediately in the table at the bottom of the Port Security screen.
The lower portion of the Port Security screen displays a summary of the settings in the upper portion of the screen. The settings are displayed for each of the ports on the Switch.
Click Save Settings to apply the changes, or Cancel Changes to cancel the changes.
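The lock modes and violation actions described in this section, modelled as an added Python example (not part of the original guide and not the switch's firmware). The class, field and return-string names are hypothetical, max_entries=1 is an assumed value, the MAC addresses are constructed, and address aging is not modelled.

```python
# Added model of the locked-port rules above; all names are hypothetical.
from dataclasses import dataclass, field

@dataclass
class LockedPort:
    learning_mode: str = "classic"   # "classic" or "limited_dynamic"
    action: str = "discard"          # "discard" (default), "forward", "shutdown"
    max_entries: int = 1             # assumed value; limited_dynamic only
    static_macs: set = field(default_factory=set)
    dynamic_macs: set = field(default_factory=set)
    locked: bool = False
    shut_down: bool = False

    def lock(self):
        # Limited Dynamic Lock deletes the current dynamic addresses and then
        # relearns up to max_entries; Classic Lock freezes the table as it is.
        if self.learning_mode == "limited_dynamic":
            self.dynamic_macs.clear()
        self.locked = True

    def receive(self, mac):
        """Return what happens to a frame with this source MAC."""
        if self.shut_down:
            return "port down"
        if not self.locked:
            self.dynamic_macs.add(mac)       # unlocked port learns freely
            return "forwarded"
        if mac in self.static_macs or mac in self.dynamic_macs:
            return "forwarded"
        if (self.learning_mode == "limited_dynamic"
                and len(self.dynamic_macs) < self.max_entries):
            self.dynamic_macs.add(mac)
            return "learned and forwarded"
        # Violation: the source MAC is not tied to this port.
        if self.action == "forward":
            return "forwarded, not learned"
        if self.action == "shutdown":
            self.shut_down = True            # stays down until reactivated
            return "discarded, port shut down"
        return "discarded"

def demo():
    a, b = "00:00:5e:00:53:01", "00:00:5e:00:53:02"   # constructed addresses
    classic = LockedPort(action="shutdown")
    classic.receive(a); classic.lock()
    limited = LockedPort("limited_dynamic", "forward", max_entries=1)
    limited.receive(a); limited.lock()
    return ([classic.receive(m) for m in (a, b, a)],
            [limited.receive(m) for m in (b, a, b)])
```

Note that with Forward the unknown address is never added to the table, so every later frame from it is again treated as a violation.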