Cisco Cisco SG200-26P 26-port Gigabit PoE Smart Switch Manuel De Maintenance

Port Security

Cisco Small Business SF200E Series Advanced Smart Switch

168

 

To configure port security:

On the Port Security page, select Enable for the global Admin Mode and click 
Apply. 

Select the port or LAG to configure and click Edit.

Configure the following settings:

•

Interface Status—Select Lock to enable port security on the interface. 
When an interface transitions from unlocked to locked, all addresses that 
had been dynamically learned by the switch on that port are removed from 
its MAC address list.

•

Max No. of Static MAC Addresses—Specify the maximum number of static 
secure MAC addresses at the port/LAG. Static secure MAC address are 
configured on the Static Addresses page. The total number of secure 
addresses cannot exceed 256.

•

Max No. of Dynamic MAC Addresses—Specify the maximum number of 
dynamic secure MAC addresses that can be learned from the port/LAG. The 
total number of secure addresses cannot exceed 256.

When port-security is enabled on a port, and static or dynamic limits are set 
to new values, the following rules apply:

-

If the new value is greater than the old value, no action is taken for either 
the dynamic or static addresses.

-

If the new value is less than the old value, the following actions are taken:

Dynamic Addresses—The switch initiates a flush of all learned 
addresses on the port.

Static Addresses—The switch retains the static addresses (up to the 
static limit) regardless of whether the addresses are configured as 
secure, permanent, or delete on timeout. It then deletes the remaining 
static addresses from the MAC address table.

•

Action on Violation—Select how the switch handles incoming packets that 
are not allowed on the locked port:

-

Discard—Packets are dropped.

-

Discard with Trap—Packets are dropped and a trap is sent to the log.