Chapter 5
Advanced Configuration
8-Port 10/100/1000 Gigabit Switch with Webview
to that port (either it was learned on a different port, or it
is unknown to the system), the protection mechanism is
invoked, and can provide various options. Unauthorized
packets arriving at a locked port are either:
• Forwarded
• Discarded with no trap
• Discarded with a trap
• Cause the port to be shut down.
Locked port security also enables storing a list of MAC
addresses in the configuration file. The MAC address list
can be restored after the device has been reset.
Disabled ports are activated from the Port Security page.
Interface: Displays the port or LAG name.
Lock Interface: Selecting this option locks the specified
interface.
Learning Mode: Defines the locked port type. The
Learning Mode field is enabled only if Locked is selected
in the Interface Status field. The possible field values are:
• Classic Lock: Locks the port using the classic lock
  mechanism. The port is immediately locked, regardless
  of the number of addresses that have already been
  learned.
• Limited Dynamic Lock: Locks the port by deleting
  the current dynamic MAC addresses associated with
  the port. The port learns up to the maximum addresses
  allowed on the port. Both relearning and aging MAC
  addresses are enabled.
In order to change the Learning Mode, the Lock Interface
must be set to Unlocked. Once the mode is changed, the
Lock Interface can be reinstated.
Max Entries: Specifies the number of MAC addresses that
can be learned on the port. The Max Entries field is enabled
only if Locked is selected in the Interface Status field and
the Limited Dynamic Lock mode is selected. The default is 1.
Action on Violation: Indicates the action to be applied to
packets arriving on a locked port. The possible field values
are:
• Discard: Discards packets from any unlearned source.
  This is the default value.
• Forward Normal: Forwards packets from an unknown
  source without learning the MAC address.
• Discard Disable: Discards packets from any unlearned
  source and shuts down the port. The port remains shut
  down until reactivated, or until the device is reset.
Enable Trap: Enables traps when a packet is received on
a locked port.
Trap Frequency: The amount of time (in seconds)
between traps. The default value is 10 seconds.
Security > Multiple Hosts
The Multiple Hosts screen allows network managers to
configure advanced port-based authentication settings
for specific ports and VLANs.
Security > HTTPS Settings
Port: Displays the port number for which advanced
port-based authentication is enabled.
Enable Multiple Hosts: When checked, indicates that
multiple hosts are enabled. Multiple hosts must be
enabled in order to either disable the ingress-filter, or to
use port-lock security on the selected port.
Action on Violation: Defines the action to be applied to
packets arriving in single-host mode, from a host whose
MAC address is not the supplicant MAC address. The
possible field values are:
• Discard: Discards the packets. This is the default
  value.
• Forward: Forwards the packet.
• Discard Disable: Discards the packets and shuts
  down the port. The port remains shut down until
  reactivated, or until the device is reset.
Enable Traps: When checked, indicates that traps are
enabled for Multiple Hosts.
Trap Frequency: Defines the time period by which traps
are sent to the host. The Trap Frequency (1-1000000) field
can be defined only if multiple hosts are disabled. The
default is 10 seconds.
Status: Indicates the host status. If there is an asterisk (*),
the port is either not linked or is down.