Planning port security

Plan your port security configuration and monitoring according to the following:

  1. On which ports do you want port security?
  2. Which devices (MAC addresses) are authorized on each port?
  3. For each port, what security actions do you want? (The switch automatically blocks intruders detected on that port from transmitting to the network.) You can configure the switch to (1) send intrusion alarms to an SNMP management station and to (2) optionally disable the port on which the intrusion was detected.
  4. How do you want to learn of the security violation attempts the switch detects? You can use one or more of these methods:
    • Through network management (That is, do you want an SNMP trap sent to a net management station when a port detects a security violation attempt?)

    • Through the switch Intrusion Log, available through the CLI, menu, and WebAgent

    • Through the Event Log (in the menu interface or through the CLI show log command)

Use the CLI or WebAgent to configure port security operating and address controls.

Use the global configuration level to execute port-security configuration commands.