Port Level Security Configuration Screen
Local Management Supplement
2-7
•
LockOnNext – The next frame received by each port is examined to
learn its source address. After the source address of a frame is learned
on a port, it is now locked on that address and only those frames
received with that same source address are allowed on that port. All
frames received that do not have that same source address will cause
the device to execute the actions selected in the Action On Intruder
field.
•
LockedOnAddr – The port locks down on the address that is currently
configured in the Port Level Security Configuration screen (if one is
entered) or on the source address of the currently received frame. If an
address was not configured or received, the device defaults to the
locked on address of “00-00-00-00-00-00” as indicated by
“XX-XX-XX-XX-XX-XX” in the address field shown in
Figure 2-3
.
When a port is locked on an address and the frame received violates
the set security, the actions selected in the Action On Intruder field are
executed.
Action On Intruder (Toggle)
Used to select the actions taken for the selected security state. There are
two fields to select the actions. Both toggle to activate or deactivate the
action.
•
DisablePort/NoDisablePort– DisablePort causes the switch to turn off
the port that had a security violation. With NoDisablePort set, the port
is not turned off.
•
SendTrap/NoTrap – SendTrap causes the switch to send an SNMP trap
when a port detects a security violation. With NoTrap set, no SNMP
trap is sent.
Address (Modifiable)
Used to enter the source MAC address for the LockedOnAddr security
state setting. Once a secure address is defined on a port, only those frames
received with that same source address are allowed on that port. Any other
frame detected with a different address is considered as an intruder,
causing the actions selected in the Action On Intruder field to be executed.
When the security state setting is NonSecure, the field displays the source
address of the last frame.