Home » Cisco Manuals » Bridges & Routers » Cisco SR224T-NA » Manual Viewer

Cisco SR224T-NA Administration Guide - Page 240

Learning Mode, Max No. of Addresses Allowed, Action on Violation, Interface Status, Classic Lock

Add to My Manuals
Save this manual to your list of manuals

Page 240 highlights

Configuring Security Configuring Port Security 17 • Learning Mode-Select the type of port locking. To configure this field, the Interface Status must be unlocked. The Learning Mode field is enabled only if the Interface Status field is locked. To change the Learning Mode, the Lock Interface must be cleared. After the mode is changed, the Lock Interface can be reinstated. The options are: - Classic Lock-Locks the port immediately, regardless of the number of addresses that have already been learned. - Limited Dynamic Lock-Locks the port by deleting the current dynamic MAC addresses associated with the port. The port learns up to the maximum addresses allowed on the port. Both re-learning and aging of MAC addresses are enabled. - Secure Permanent-Keeps the current dynamic MAC addresses associated with the port and learns up to the maximum number of addresses allowed on the port (set by Max No. of Addresses Allowed). Relearning and aging are enabled. - Secure Delete on Reset-Deletes the current dynamic MAC addresses associated with the port after reset. New MAC addresses can be learned as Delete-On-Reset ones up to the maximum addresses allowed on the port. Relearning and aging are disabled. • Max No. of Addresses Allowed-Enter the maximum number of MAC addresses that can be learned on the port if Limited Dynamic Lock learning mode is selected. The number 0 indicates that only static addresses are supported on the interface. • Action on Violation-Select an action to be applied to packets arriving on a locked port. The options are: - Discard-Discards packets from any unlearned source. - Forward-Forwards packets from an unknown source without learning the MAC address. - Shutdown-Discards packets from any unlearned source, and shuts down the port. The port remains shut down until reactivated, or until the switch is rebooted. • Trap-Select to enable traps when a packet is received on a locked port. This is relevant for lock violations. For Classic Lock, this is any new address received. For Limited Dynamic Lock, this is any new address that exceeds the number of allowed addresses. NOTE Traps are SYSLOG-related and not generated through SNMP. Cisco Small Business 200 Series Smart Switch Administration Guide 241

Section	Page
Getting Started	7
Starting the Web-based Switch Configuration Utility	7
Quick Start Switch Configuration	11
Interface Naming Conventions	11
Window Navigation	13
Viewing Statistics	17
Viewing Ethernet Interfaces	17
Viewing Etherlike Statistics	18
Viewing 802.1X EAP Statistics	19
Managing RMON	21
Managing System Logs	24
Setting System Log Settings	24
Setting Remote Logging Settings	26
Viewing Memory Logs	27
Managing System Files	29
Types of System Files	29
Upgrade/Backup Firmware/Language	32
Downloading or Backing-up a Configuration or Log	34
Viewing Configuration Files Properties	37
Copying Configuration Files	38
DHCP Auto Configuration	39
General Administrative Information	43
Switch Models	43
System Information	45
Rebooting the Switch	47
Monitoring the Fan Status and Temperature	48
Defining Idle Session Timeout	48
Pinging a Host	49
System Time	51
System Time Options	52
SNTP Modes	53
Configuring System Time	54
Managing Device Diagnostics	61
Testing Copper Ports	61
Displaying Optical Module Status	63
Configuring Port and VLAN Mirroring	64
Viewing CPU Utilization and Secure Core Technology	66
Configuring Discovery	68
Configuring Bonjour Discovery	68
LLDP and CDP	69
Configuring LLDP	70
Configuring CDP	91
Port Management	100
Configuring Ports	100
Setting Basic Port Configuration	101
Configuring Link Aggregation	103
Configuring Green Ethernet	111
Smartports	118
Overview	118
What is a Smartport	119
Smartport Types	119
Smartport Macros	122
Macro Failure and the Reset Operation	123
How the Smartport Feature Works	124
Auto Smartport	124
Error Handling	128
Default Configuration	128
Relationships with Other Features and Backwards Compatibility	129
Common Smartport Tasks	129
Configuring Smartport Using The Web-based Interface	131
Built-in Smartport Macros	136
Managing Power-over-Ethernet Devices	148
PoE on the Switch	148
Configuring PoE Properties	151
Configuring the PoE Power, Priority, and Class	152
VLAN Management	155
VLANs	155
Configuring Default VLAN Settings	158
Creating VLANs	159
Configuring VLAN Interface Settings	160
Defining VLAN Membership	161
Voice VLAN	165
Configuring the Spanning Tree Protocol	179
STP Flavors	179
Configuring STP Status and Global Settings	180
Defining Spanning Tree Interface Settings	182
Configuring Rapid Spanning Tree Settings	184
Managing MAC Address Tables	187
Configuring Static MAC Addresses	188
Managing Dynamic MAC Addresses	188
Configuring Multicast Forwarding	190
Multicast Forwarding	190
Defining Multicast Properties	193
Adding MAC Group Address	195
Adding IP Multicast Group Addresses	197
Configuring IGMP Snooping	198
MLD Snooping	200
Querying IGMP/MLD IP Multicast Group	203
Defining Multicast Router Ports	204
Defining Forward All Multicast	205
Defining Unregistered Multicast Settings	206
Configuring IP Information	207
Management and IP Interfaces	207
Configuring ARP	219
Domain Name Systems	220
Configuring Security	224
Defining Users	225
Configuring RADIUS	228
Configuring Management Access Authentication	230
Defining Management Access Method	231
Configuring TCP/UDP Services	236
Defining Storm Control	237
Configuring Port Security	238
Configuring 802.1X	241
Denial of Service Prevention	247
Using the SSL Feature	249
SSL Overview	249
Default Settings and Configuration	249
SSL Server Authentication Settings	250
Secure Sensitive Data	252
Introduction	252
SSD Rules	253
SSD Properties	258
Configuration Files	261
SSD Management Channels	266
Menu CLI and Password Recovery	266
Configuring SSD	267
Configuring Quality of Service	270
QoS Features and Components	271
Configuring QoS - General	272

Match case Limit results 1 per page

Configuring Security

Configuring Port Security

Cisco Small Business 200 Series Smart Switch Administration Guide

241

•

Learning Mode

—Select the type of port locking. To configure this field, the

Interface Status must be unlocked. The Learning Mode field is enabled only

if the

Interface Status

field is locked. To change the Learning Mode, the Lock

Interface must be cleared. After the mode is changed, the Lock Interface can

be reinstated. The options are:

Classic Lock

—Locks the port immediately, regardless of the number of

addresses that have already been learned.

Limited Dynamic Lock

—Locks the port by deleting the current dynamic

MAC addresses associated with the port. The port learns up to the

maximum addresses allowed on the port. Both re-learning and aging of

MAC addresses are enabled.

Secure Permanent

—Keeps the current dynamic MAC addresses

associated with the port and learns up to the maximum number of

addresses allowed on the port (set by

Max No. of Addresses Allowed

Relearning and aging are enabled.

Secure Delete on Reset

—Deletes the current dynamic MAC addresses

associated with the port after reset. New MAC addresses can be learned

as Delete-On-Reset ones up to the maximum addresses allowed on the

port. Relearning and aging are disabled.

•

Max No. of Addresses Allowed

—Enter the maximum number of MAC

addresses that can be learned on the port if

Limited Dynamic Lock

learning

mode is selected. The number 0 indicates that only static addresses are

supported on the interface.

•

Action on Violation

—Select an action to be applied to packets arriving on a

locked port. The options are:

Discard

—Discards packets from any unlearned source.

Forward

—Forwards packets from an unknown source without learning

the MAC address.

Shutdown

—Discards packets from any unlearned source, and shuts

down the port. The port remains shut down until reactivated, or until the

switch is rebooted.

•

Trap

—Select to enable traps when a packet is received on a locked port.

This is relevant for lock violations. For Classic Lock, this is any new address

received. For Limited Dynamic Lock, this is any new address that exceeds

the number of allowed addresses.

NOTE

Traps are SYSLOG-related and not generated through SNMP.