General operation for port security

On a per-port basis, you can configure security measures to block unauthorized devices, and to send notice of security violations. Once port security is configured, you can then monitor the network for security violations through one or more of the following:
  • Alert flags captured by network management tools.

  • Alert Log entries in the WebAgent

  • Event Log entries in the console interface

  • Intrusion Log entries in the menu interface, CLI, or WebAgent

For any port, you can configure the following:
  • ActionUsed when a port detects an intruder. Specifies whether to send an SNMP trap to a network management station and whether to disable the port.

  • Address LimitSets the number of authorized MAC addresses allowed on the port.

  • Learn-ModeSpecify how the port acquires authorized addresses.
    • Limited-Continuous: Sets a finite limit (1 - 32) to the number of learned addresses allowed per port.

    • Continuous: Allows the port to learn addresses from inbound traffic from any connected device. This is the default setting.

  • Static: Enables you to set a fixed limit on the number of MAC addresses authorized for the port and to specify some or all the authorized addresses. (If you specify only some of the authorized addresses, the port learns the remaining authorized addresses from the traffic it receives from connected devices.)

  • Configured: Requires that you specify all MAC addresses authorized for the port. The port is not allowed to learn addresses from inbound traffic.

  • Authorized (MAC) AddressesSpecify up to eight devices (MAC addresses) that are allowed to send inbound traffic through the port. This feature:
    • Closes the port to inbound traffic from any unauthorized devices that are connected to the port.

    • Provides the option for sending an SNMP trap notifying of an attempted security violation to a network management station and, optionally, disables the port. (For more on configuring the switch for SNMP management, see "Trap Receivers and Authentication Traps" in the management and configuration guide for your switch.)

  • Port AccessAllows only the MAC address of a device authenticated through the switch 802.1X Port-Based access control.