Cisco SG200-26P 26-port Gigabit PoE Smart Switch Maintenance Manual
Security
Port Security
Cisco Small Business SF200E Series Advanced Smart Switch
Enabling Port Security
To configure port security:
STEP 1
On the Port Security page, select Enable for the global Admin Mode and click Apply.
STEP 2
Select the port or LAG to configure and click Edit.
STEP 3
Configure the following settings:
• Interface Status—Select Lock to enable port security on the interface.
  When an interface transitions from unlocked to locked, all addresses that
  had been dynamically learned by the switch on that port are removed from
  its MAC address list.
• Max No. of Static MAC Addresses—Specify the maximum number of static
  secure MAC addresses at the port/LAG. Static secure MAC addresses are
  configured on the Static Addresses page. The total number of secure
  addresses cannot exceed 256.
• Max No. of Dynamic MAC Addresses—Specify the maximum number of
  dynamic secure MAC addresses that can be learned from the port/LAG. The
  total number of secure addresses cannot exceed 256.
  When port-security is enabled on a port, and static or dynamic limits are set
  to new values, the following rules apply:
  - If the new value is greater than the old value, no action is taken for either
    the dynamic or static addresses.
  - If the new value is less than the old value, the following actions are taken:
      Dynamic Addresses—The switch initiates a flush of all learned
      addresses on the port.
      Static Addresses—The switch retains the static addresses (up to the
      static limit) regardless of whether the addresses are configured as
      secure, permanent, or delete on timeout. It then deletes the remaining
      static addresses from the MAC address table.
• Action on Violation—Select how the switch handles incoming packets that
  are not allowed on the locked port:
  - Discard—Packets are dropped.
  - Discard with Trap—Packets are dropped and a trap is sent to the log.
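The lock transition and the limit-change rules under Max No. of Dynamic MAC Addresses can be previewed before a change is applied. The following Python model is an added example, not Cisco code or a switch API. The `Port` class, the `preview` helper, the sample MAC addresses, the reading of the 256 cap as static plus dynamic, and the order in which static entries are kept are all assumptions.

```python
import copy
from dataclasses import dataclass, field

MAX_SECURE_TOTAL = 256  # page: total secure addresses cannot exceed 256

@dataclass
class Port:
    static_limit: int
    dynamic_limit: int
    locked: bool = False
    static: list = field(default_factory=list)   # in configuration order
    dynamic: list = field(default_factory=list)  # in learning order

    def lock(self):
        """Unlocked -> locked: all dynamically learned addresses are removed."""
        removed = [] if self.locked else list(self.dynamic)
        if not self.locked:
            self.dynamic, self.locked = [], True
        return removed

    def set_limits(self, static_limit, dynamic_limit):
        """Apply new limits and return the addresses the change removes."""
        # Assumption: the 256 cap is read as static + dynamic combined.
        if static_limit + dynamic_limit > MAX_SECURE_TOTAL:
            raise ValueError("secure address total would exceed 256")
        removed = {"static": [], "dynamic": []}
        if self.locked and dynamic_limit < self.dynamic_limit:
            # Lower dynamic limit: every learned address is flushed.
            removed["dynamic"], self.dynamic = self.dynamic, []
        if self.locked and static_limit < self.static_limit:
            # Lower static limit: keep entries up to the limit, delete the rest.
            # Assumption: the entries kept are the first ones configured.
            removed["static"] = self.static[static_limit:]
            self.static = self.static[:static_limit]
        self.static_limit, self.dynamic_limit = static_limit, dynamic_limit
        return removed

def preview(port, static_limit, dynamic_limit):
    """Dry run on a copy, so the modelled port itself is left unchanged."""
    return copy.deepcopy(port).set_limits(static_limit, dynamic_limit)

def sample_port():
    """Constructed sample: locked port with 4 static and 3 learned MACs."""
    static = [f"00:00:5e:00:53:{i:02x}" for i in range(1, 5)]
    dynamic = [f"00:00:5e:00:53:{i:02x}" for i in range(0x10, 0x13)]
    return Port(4, 10, locked=True, static=static, dynamic=dynamic)

if __name__ == "__main__":
    port = sample_port()
    print("raise limits :", preview(port, 8, 20))
    print("lower limits :", preview(port, 2, 5))
```

Lowering either limit on a locked port in production interrupts hosts whose addresses are flushed or deleted until they are relearned or reconfigured, so the preview output is the list to check against the expected device inventory first.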