HP (Hewlett-Packard) 2424M Switch User Manual


 
6-120
Configuring the Switch
Configuring and Monitoring Port Security
Table 6-5. Port Security Control Parameters
Parameter: Description
Port: Identifies the switch port to view or configure for port security.
Learn Mode: Specifies how the port will acquire its list of authorized addresses.
  Continuous (the default): Allows the port to learn addresses from inbound traffic from any device(s) to which it is connected. In this state, the port accepts as authorized any device(s) to which it is connected. Addresses learned this way appear in the switch and port address tables and age out according to the Address Age interval in the System Information configuration screen.
  Static: Enables you to specify how many devices are authorized on the port and to enter the MAC addresses of the authorized devices. If you enter fewer MAC addresses than you authorized, the port learns the remaining addresses from the inbound traffic it receives. (See “Authorized Addresses” at the end of this table.)
  Note: When you configure Learn Mode to Static, all devices (MAC addresses) in the port’s address table are deleted (from both the port’s address table and the switch’s address table) and replaced by the authorized devices for this port.
Address Limit: When Learn Mode is set to Static, specifies how many authorized devices (MAC addresses) to allow. Range: 1 (the default) to 8.
Eavesdrop Prevention: Specifies whether the port will block outbound traffic addressed to devices unknown to the port (that is, flooded unicast traffic). This is recommended for use on secure ports with known (static) MAC addresses, which make it unnecessary for these ports to transmit flooded unicast traffic for unknown destinations.
  Disabled (the default): Allows the port to transmit all outbound traffic it receives, regardless of whether the traffic is addressed to devices that are known to the port.
  Enabled: Allows the port to transmit only the outbound traffic addressed to devices that are known to the port. (Outbound traffic to devices unknown to the port is dropped.) Devices known to the port include all devices (MAC addresses) the port has detected and listed in its address table, and any devices configured in the Authorized Addresses table. (You can view the port’s address table from the console Status and Counters menu. The Authorized Addresses table appears if the Learn Mode parameter is set to Static.)
  Note: This feature is not recommended for applications in which a port’s Learn Mode is configured to Continuous.
Action: Specifies whether an SNMP trap is sent to a network management station when Learn Mode is configured to Static and the port detects an unauthorized device.
  None (the default): Prevents an SNMP trap from being sent.
  Send Alarm: Causes the switch to send an SNMP trap to a network management station. For information on configuring the switch for SNMP management, see page 6-14.
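
The following Python sketch is an added example, not HP code and not part of the manual: it models how the Table 6-5 parameters interact on a single port. The class, method and field names and the MAC addresses are made up for illustration. Because this page does not say what the switch does with frames from an unauthorized device, the model only classifies the source address and records the trap.

```python
from dataclasses import dataclass, field

@dataclass
class SecurePort:
    """Toy model of one port using the Table 6-5 parameters (not HP firmware)."""
    learn_mode: str = "continuous"      # "continuous" (default) or "static"
    address_limit: int = 1              # 1 (default) to 8, used in static mode
    eavesdrop_prevention: bool = False  # Disabled by default
    action: str = "none"                # "none" (default) or "send_alarm"
    authorized: set = field(default_factory=set)  # Authorized Addresses (lowercase)
    learned: set = field(default_factory=set)     # addresses seen in continuous mode
    traps: list = field(default_factory=list)     # stand-in for SNMP traps sent

    def __post_init__(self):
        if not 1 <= self.address_limit <= 8:
            raise ValueError("Address Limit range is 1 to 8")
        if self.learn_mode == "static" and len(self.authorized) > self.address_limit:
            raise ValueError("more authorized addresses than Address Limit")

    def inbound(self, src_mac: str) -> str:
        """Classify the source MAC of a frame received on this port."""
        mac = src_mac.lower()
        if self.learn_mode == "continuous":
            self.learned.add(mac)         # any connected device is accepted
            return "authorized"
        if mac in self.authorized:
            return "authorized"
        if len(self.authorized) < self.address_limit:
            self.authorized.add(mac)      # port learns the remaining address(es)
            return "learned"
        if self.action == "send_alarm":
            self.traps.append(mac)        # trap to the network management station
        return "unauthorized"

    def outbound_allowed(self, dst_mac: str) -> bool:
        """Would the port transmit a unicast frame addressed to dst_mac?"""
        if not self.eavesdrop_prevention:
            return True                   # flooded unicast is transmitted
        return dst_mac.lower() in (self.authorized | self.learned)

def demo():
    # Constructed MAC addresses, for illustration only.
    port = SecurePort("static", 2, True, "send_alarm", {"00:60:b0:00:00:01"})
    results = [port.inbound(m) for m in
               ("00:60:B0:00:00:01", "00:60:b0:00:00:02", "00:60:b0:00:00:03")]
    return results, port.traps, port.outbound_allowed("00:60:b0:00:00:09")

if __name__ == "__main__":
    print(demo())
```

With Address Limit 2 and one address entered by hand, the second device fills the remaining slot and only the third is reported, which is why an Address Limit higher than the number of entered addresses leaves room for an unplanned device to become authorized.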