Cisco SR224T-NA Administration Guide - Page 240
Learning Mode, Max No. of Addresses Allowed, Action on Violation, Interface Status, Classic Lock
![]() |
View all Cisco SR224T-NA manuals
Add to My Manuals
Save this manual to your list of manuals |
Page 240 highlights
Configuring Security Configuring Port Security 17 • Learning Mode-Select the type of port locking. To configure this field, the Interface Status must be unlocked. The Learning Mode field is enabled only if the Interface Status field is locked. To change the Learning Mode, the Lock Interface must be cleared. After the mode is changed, the Lock Interface can be reinstated. The options are: - Classic Lock-Locks the port immediately, regardless of the number of addresses that have already been learned. - Limited Dynamic Lock-Locks the port by deleting the current dynamic MAC addresses associated with the port. The port learns up to the maximum addresses allowed on the port. Both re-learning and aging of MAC addresses are enabled. - Secure Permanent-Keeps the current dynamic MAC addresses associated with the port and learns up to the maximum number of addresses allowed on the port (set by Max No. of Addresses Allowed). Relearning and aging are enabled. - Secure Delete on Reset-Deletes the current dynamic MAC addresses associated with the port after reset. New MAC addresses can be learned as Delete-On-Reset ones up to the maximum addresses allowed on the port. Relearning and aging are disabled. • Max No. of Addresses Allowed-Enter the maximum number of MAC addresses that can be learned on the port if Limited Dynamic Lock learning mode is selected. The number 0 indicates that only static addresses are supported on the interface. • Action on Violation-Select an action to be applied to packets arriving on a locked port. The options are: - Discard-Discards packets from any unlearned source. - Forward-Forwards packets from an unknown source without learning the MAC address. - Shutdown-Discards packets from any unlearned source, and shuts down the port. The port remains shut down until reactivated, or until the switch is rebooted. • Trap-Select to enable traps when a packet is received on a locked port. This is relevant for lock violations. For Classic Lock, this is any new address received. For Limited Dynamic Lock, this is any new address that exceeds the number of allowed addresses. NOTE Traps are SYSLOG-related and not generated through SNMP. Cisco Small Business 200 Series Smart Switch Administration Guide 241
![](/manual_guide/products/cisco-sr224t-administration-guide-6b1cd67/240.png)