Siemens RUGGEDCOM ROX II User Manual page 135

RUGGEDCOM ROX II
CLI User Guide
IMPORTANT!
Do not apply port security on core switch connections. Port security is applied at the end of the network
to restrict admission to specific devices.
To configure port security for a switched Ethernet port, do the following:
1. Make sure the CLI is in Configuration mode.
2. Navigate to interface » switch » {slot} » {port} » port-security, where {slot} is the module and {port} is the
switched Ethernet port.
3. Configure the port security settings by configuring the following parameter(s) as required:
Parameter
security-mode { security-mode }
auto-learn { auto-learn }
shutdown-time { shutdown-time }
admin-shutdown
4. Configure the 802.1x settings by configuring the following parameter(s) as required:
Parameter
tx-period { tx-period }
quiet-period { quiet-period }
reauth-enable
Configuring Port Security
Description
Synopsis: { dot1x_mac_auth, dot1x, per_macaddress, off }
Default: off
Enables or disables the security feature for the port.
The following port access control types are available:
<itemizedlist><listitem>Static MAC address based. With this
method, authorized MAC address(es) should be configured
in the static MAC address table. If some MAC addresses are
not known in advance (or which port they are going to reside
behind is unknown), there is still an option to configure the switch
to auto-learn a certain number of MAC addresses.</listitem>
<listitem>IEEE 802.1X standard authentication.</listitem>
<listitem>IEEE 802.1X with MAC Authentication, also known as
MAC-Authentication Bypass. With this method, the device can
authenticate clients based on the client's MAC address, if IEEE
802.1X authentication times out.</listitem></itemizedlist>
Synopsis: An integer between 0 and 16
Default: 0
The maximum number of MAC addresses that can be
dynamically learned on the port. If there are static addresses
configured on the port, the actual number of addresses allowed
to be learned is this number minus the number of the static MAC
addresses.
Synopsis: An integer between 1 and 86400
How long to shut down an interface if a security violation occurs.
Synopsis: typeless
Enables/disables administative shutdown if a security violation
occurs.
Description
Synopsis: An integer between 1 and 65535
Default: 30
IEEE 802.1X PAE (Port Access Entity) parameters
Synopsis: An integer between 0 and 65535
Default: 60
The period of time not to attempt to acquire a supplicant after the
authorization session failed.
Synopsis: typeless
Enables or disables periodic reauthentication
Chapter 3
Device Management
97