Plan your port security configuration and monitoring
according to the following:
Procedure
- On which ports do you want
port security?
- Which devices (MAC addresses)
are authorized on each port?
- For each port, what security
actions do you want? (The switch automatically blocks intruders detected
on that port from transmitting to the network.) You can configure
the switch to (1) send intrusion alarms to an SNMP management station
and to (2) optionally disable the port on which the intrusion was
detected.
- How do you want to learn
of the security violation attempts the switch detects? You can use
one or more of these methods:
Through network management (That is, do you want an
SNMP trap sent to a net management station when a port detects a security
violation attempt?)
Through the switch Intrusion Log, available through
the CLI, menu, and WebAgent
Through the Event Log (in the menu interface or through
the CLI show log command)
Use the CLI or WebAgent to configure port security
operating and address controls.
Use the global configuration level to execute
port-security configuration commands.