Filter
Top Products
65-10
User Guide for Cisco Security Manager 4.4
OL-28826-01
Chapter 65 Managing Cisco Catalyst Switches and Cisco 7600 Series Routers
Interfaces
Access Port settings
VLAN ID (Select button) Displays the interface-specific identity of the VLAN to use in access
port mode, if you have selected a VLAN. Otherwise, click Select to
open the VLAN Selector Dialog Box, page 65-36.
The VLAN ID specifies where 802.1Q tagged packets are sent and
received on the subinterface; without a VLAN ID, the subinterface
cannot send or receive traffic. Valid values range from 1 to 4094. Some
VLAN IDs might be reserved on connected devices, so see the device
documentation for more information. For multiple context mode, you
can only set the VLAN in the system configuration.
Note All VLAN IDs must be unique among all subinterfaces
configured on the same physical interface.
Tip To configure DOT1Q encapsulation on an Ethernet interface
without associating the VLAN with a subinterface, enter the
vlan-id dot1q command using CLI commands or FlexConfigs.
Configuring VLANs on the main interface increases the
number of VLANs that can be configured on the device.
Enable Port Security When selected, enables you to restrict input to an interface by limiting
the MAC addresses that are allowed to access the port.
When deselected, disables port security.
Max. MAC Addresses Applies only when Enable Port Security is selected.
The maximum number of secure MAC addresses for the interface. Valid
values range from 1 to 4097.
Note Secure MAC addresses are configured dynamically using the
MAC addresses of connected devices.
Violation Policy The action to take if a security violation occurs:
• Port Security Protect—Drops packets with unknown source
addresses until you remove a sufficient number of secure MAC
addresses and the count drops below the maximum value.
• Port Security Restrict—Drops packets with unknown source
addresses until you remove a sufficient number of secure MAC
addresses and the count drops below the maximum value. In
addition, it causes the SecurityViolation counter to increment.
• Port Security Shutdown—Immediately puts the interface into the
error-disabled state and sends an SNMP trap notification.
A security violation occurs if a workstation whose MAC address is not
in the address table attempts to access the interface after the maximum
number of secure MAC addresses is configured.
Enable VACL Capture When selected, enables VACL capture. If the capture bit is set, ports
with the capture function enabled can receive forwarded packets.
When deselected, disables VACL capture.
Table 65-4 Create and Edit Interface Dialog Boxes—Access Port Mode (Continued)
Element Description