5.9.2.1.1 Monitor Security Network Port Security Overview

The Port Security Switch Status page shows the Port Security status. Port Security may be enabled both administratively and indirectly through other software modules, the so-called user modules. When a user module has enabled Port Security on a port, the port is set up for software-based learning. In this mode, frames from unknown MAC addresses are passed on to the Port Security module, which in turn asks all user modules whether the new MAC address should be allowed to forward or be blocked. For a MAC address to be set in the forwarding state, all enabled user modules must unanimously agree to allow it. If even one module chooses to block it, the MAC address is blocked until that user module decides otherwise. The status page is divided into two sections: a legend of user modules and the actual port status.

Figure 5-23. Port Security Switch Status

The Port Security Switch Status page has the following parameters:

  • User Module Legend: The legend shows all user modules that may request Port Security services
    • User Module Name: The full name of a module that may request Port Security services
    • Abbr: A one-letter abbreviation of the user module. This is used in the Users column in the port status table.
  • Port Status: The table has one row for each port on the switch and several columns, which are as follows:
    • Clear: Click to remove all dynamic MAC addresses on all VLANs on this port. The button is only clickable if the number of secured MAC addresses is non-zero.
    • Port: The port number for which the status applies. Click the port number to see the status for this particular port.
    • Users: Each of the user modules has a column that shows whether that module has enabled Port Security. A dash (-) means that the corresponding user module is not enabled, whereas a letter indicates that the user module abbreviated by that letter (see Abbr) has enabled Port Security.
    • Violation Mode: Shows the configured Violation Mode of the port. It can take one of four values:
      • Disabled: Port Security is not administratively enabled on this port
      • Protect: Port Security is administratively enabled in Protect mode
      • Restrict: Port Security is administratively enabled in Restrict mode
      • Shutdown: Port Security is administratively enabled in Shutdown mode
    • State: Shows the current state of the port. It can take one of four values:
      • Disabled: No user modules are currently using the Port Security service
      • Ready: The Port Security service is in use by at least one user module and is awaiting frames from unknown MAC addresses to arrive
      • Limit Reached: The Port Security service is administratively enabled, and the limit is reached
      • Shut down: The Port Security service is administratively enabled, and the port is shut down. No MAC addresses can be learned on the port until it is administratively re-opened by taking the port down and then back up on the Configuration > Ports page. Alternatively, the port leaves this state when the switch is rebooted or when its Port Security configuration is changed.
    • MAC Count (Current, Violating, and Limit): The three columns indicate the number of currently learned MAC addresses (forwarding as well as blocked), the number of violating MAC addresses (only counted in Restrict mode) and the maximum number of MAC addresses that can be learned on the port, respectively. If no user modules are enabled on the port, the Current column shows a dash (-). If Port Security is not administratively enabled on the port, the Violating and Limit columns show a dash (-).
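The following is an added example, not code from the switch firmware or this manual. It models the behaviour the overview and the Port Status columns describe: user modules vote on every new MAC address and a single "block" wins, the administrative limit and Violation Mode apply only when Port Security is administratively enabled, the Violating counter advances only in Restrict mode, Shutdown mode puts the port into the Shut down state until it is administratively bounced, and the Current/Violating/Limit columns show a dash under the conditions listed above. The two user modules in the legend, their names and their allow/block rules are hypothetical, as is the assumption that bouncing the port flushes the dynamic entries learned before the shutdown.

```python
from dataclasses import dataclass, field
from enum import Enum
from typing import Callable, Dict, List


class ViolationMode(Enum):
    DISABLED = "Disabled"
    PROTECT = "Protect"
    RESTRICT = "Restrict"
    SHUTDOWN = "Shutdown"


class PortState(Enum):
    DISABLED = "Disabled"
    READY = "Ready"
    LIMIT_REACHED = "Limit Reached"
    SHUT_DOWN = "Shut down"


@dataclass
class UserModule:
    """A software module that has enabled Port Security on a port and votes on each new MAC."""
    abbr: str                      # one-letter abbreviation shown in the Users column
    name: str
    allow: Callable[[str], bool]   # True = let this MAC forward, False = block it


@dataclass
class SecuredPort:
    number: int
    users: List[UserModule] = field(default_factory=list)  # modules that enabled Port Security here
    mode: ViolationMode = ViolationMode.DISABLED            # administrative Violation Mode
    limit: int = 1                                          # max learnable MACs (admin-enabled only)
    macs: Dict[str, bool] = field(default_factory=dict)     # learned MAC -> True if forwarding
    violating: int = 0                                      # advanced only in Restrict mode
    shut_down: bool = False

    def admin_enabled(self) -> bool:
        return self.mode is not ViolationMode.DISABLED

    def limit_reached(self) -> bool:
        return self.admin_enabled() and len(self.macs) >= self.limit

    def state(self) -> PortState:
        if not self.users:
            return PortState.DISABLED
        if self.shut_down:
            return PortState.SHUT_DOWN
        return PortState.LIMIT_REACHED if self.limit_reached() else PortState.READY

    def frame_from(self, mac: str) -> str:
        """Handle a frame from `mac` on the software-learning path; return the action taken."""
        if not self.users:
            return "hardware-learn"   # service not in use: ordinary hardware learning
        if self.shut_down:
            return "drop"             # nothing is learned while the port is shut down
        if mac in self.macs:          # already voted on: keep the earlier verdict
            return "forward" if self.macs[mac] else "block"
        if self.limit_reached():      # new MAC beyond the limit: apply the Violation Mode
            if self.mode is ViolationMode.RESTRICT:
                self.violating += 1
            elif self.mode is ViolationMode.SHUTDOWN:
                self.shut_down = True
            return "drop"
        # Unanimous vote: one "no" from any enabled user module blocks the MAC.
        verdicts = {u.abbr: u.allow(mac) for u in self.users}
        self.macs[mac] = all(verdicts.values())
        if self.macs[mac]:
            return "forward"
        return "block by " + ",".join(a for a, v in verdicts.items() if not v)

    def clear(self) -> None:
        """The Clear button: remove all dynamic MAC entries on the port."""
        self.macs.clear()

    def admin_bounce(self) -> None:
        """Take the port down and back up on Configuration > Ports to leave Shut down.
        Assumption: the bounce also flushes the dynamic entries learned earlier."""
        self.shut_down = False
        self.macs.clear()

    def status_row(self, legend: List[UserModule]) -> Dict[str, str]:
        """One row of the Port Status table, applying the dash rules from the page."""
        enabled = {u.abbr for u in self.users}
        return {
            "Port": str(self.number),
            "Users": "".join(m.abbr if m.abbr in enabled else "-" for m in legend),
            "Violation Mode": self.mode.value,
            "State": self.state().value,
            "Current": str(len(self.macs)) if self.users else "-",
            "Violating": str(self.violating) if self.admin_enabled() else "-",
            "Limit": str(self.limit) if self.admin_enabled() else "-",
        }


# Constructed legend of two hypothetical user modules (not module names from the manual).
LEGEND = [
    UserModule("A", "Allow-list policy", lambda mac: mac.lower().startswith("00:11:22")),
    UserModule("B", "Blocklist policy", lambda mac: mac.lower() != "00:11:22:00:00:02"),
]


def demo() -> List[Dict[str, str]]:
    """Run constructed traffic through three ports and return their status rows."""
    p1 = SecuredPort(1, users=list(LEGEND), mode=ViolationMode.RESTRICT, limit=2)
    p1.frame_from("00:11:22:00:00:01")   # A and B both allow -> forward
    p1.frame_from("00:11:22:00:00:02")   # B blocks -> blocked, but still occupies a learned slot
    p1.frame_from("00:11:22:00:00:03")   # over the limit in Restrict mode -> drop, Violating += 1
    p2 = SecuredPort(2, users=[LEGEND[0]], mode=ViolationMode.SHUTDOWN, limit=1)
    p2.frame_from("00:11:22:00:00:01")   # first MAC learned
    p2.frame_from("00:11:22:00:00:09")   # second MAC -> port shut down
    p3 = SecuredPort(3)                  # no user modules: service not in use
    return [p.status_row(LEGEND) for p in (p1, p2, p3)]


if __name__ == "__main__":
    for row in demo():
        print(row)
```

Port 1 ends in Limit Reached with Current 2 and Violating 1 because the blocked address still counts toward the limit, which is the "forwarding as well as blocked" rule for the Current column; port 2 shows Shut down with a single learned address and stays there until `admin_bounce()` is called.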