HP TopTools for Hubs and Switches User Manual

Setting Up Security for a Device

Switch Port Security

Learn Mode

Specifies how the port will acquire its list of authorized addresses.
Continuous (the default): Allows the port to learn addresses from inbound
traffic from any device(s) to which it is connected. In this state, the port
accepts as authorized any device(s) to which it is connected. Addresses
learned this way appear in the switch and port address tables and age out
according to the Address Age interval in the System Information
configuration screen.
Static: Enables you to specify how many devices are authorized on the
port and to enter the MAC addresses of the authorized devices. If you enter
fewer MAC addresses than you authorized, the port learns the remaining
addresses from the inbound traffic it receives. (See “Authorized
Addresses” at the end of this table).
Note: When you configure Learn Mode to Static, all devices (MAC
addresses) in the port's address table are deleted from both the port's
address table and the switch's address table and replaced by the
authorized devices for this port.

Address Limit

When Learn Mode is set to Static, specifies how many authorized devices
(MAC addresses) to allow. The range is 1 (the default) to 8.

Eavesdrop Prevention

Specifies whether the port will block outbound traffic addressed to
devices unknown to the port, that is, flooded unicast traffic. This is
recommended for use on secure ports with known (static) MAC addresses,
which makes it unnecessary for these ports to transmit flooded unicast
traffic for unknown destinations.
Disabled (the default): Allows the port to transmit all outbound traffic it
receives, regardless of whether the traffic is addressed to devices that
are known to the port.
Enabled: Allows the port to transmit only the outbound traffic addressed
to devices that are known to the port. Outbound traffic to devices unknown
to the port is dropped. Devices known to the port include all devices (MAC
addresses) the port has detected and listed in its address table, and any
devices configured in the Authorized Addresses table. You can view the
port’s address table from the console Status and Counters menu. The
Authorized Addresses table appears if the Learn Mode parameter is set
to Static.
Note: This feature is not recommended for applications in which a port’s
Learn Mode is configured to Continuous.

Action

Specifies whether an SNMP trap is sent to a network management station
when Learn Mode is configured to Static and the port detects an
unauthorized device.
None (the default): Prevents an SNMP trap from being sent.
Send Alarm: Causes the switch to send an SNMP trap to a network
management station. For information on configuring the switch for SNMP
management, see the Management and Configuration Guide you received

Parameter

Description
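
The parameter semantics described in this table, modeled as an added Python example (not HP code and not part of the manual). The class, method and setting names and the MAC addresses are constructed for illustration; what the switch does with frames from an unauthorized device is not stated on this page and is not modeled.

```python
# Added model of the Learn Mode / Address Limit / Eavesdrop Prevention / Action
# parameters. Names and values here are hypothetical, not the switch's own.
class PortSecurity:
    def __init__(self, learn_mode="continuous", address_limit=1,
                 authorized=(), eavesdrop_prevention=False, action="none"):
        if learn_mode == "static" and not 1 <= address_limit <= 8:
            raise ValueError("Address Limit range is 1 (the default) to 8")
        if learn_mode == "static" and len(authorized) > address_limit:
            raise ValueError("more Authorized Addresses than the Address Limit")
        self.learn_mode = learn_mode
        self.address_limit = address_limit
        self.authorized = [m.lower() for m in authorized]
        # Setting Static replaces the port's address table with the authorized devices.
        self.address_table = set(self.authorized)
        self.eavesdrop_prevention = eavesdrop_prevention
        self.action = action
        self.traps = []  # stand-in for SNMP traps sent to the management station

    def inbound(self, src_mac):
        """Return True if the source device is (or becomes) authorized on the port."""
        src = src_mac.lower()
        if self.learn_mode == "continuous":
            self.address_table.add(src)      # any connected device is accepted
            return True
        if src in self.authorized:
            return True
        if len(self.authorized) < self.address_limit:
            self.authorized.append(src)      # remaining slots are learned from traffic
            self.address_table.add(src)
            return True
        if self.action == "send_alarm" and src not in self.traps:
            self.traps.append(src)           # unauthorized device detected
        return False

    def outbound(self, dst_mac):
        """Return True if the port transmits a unicast frame addressed to dst_mac."""
        if not self.eavesdrop_prevention:
            return True                      # Disabled: flooded unicast is transmitted
        return dst_mac.lower() in self.address_table

def demo():
    # Constructed sample: limit of 2, one address entered, one slot left to learn.
    port = PortSecurity("static", address_limit=2, authorized=["02:00:00:00:00:01"],
                        eavesdrop_prevention=True, action="send_alarm")
    sources = ("02:00:00:00:00:01", "02:00:00:00:00:02", "02:00:00:00:00:03")
    seen = [port.inbound(m) for m in sources]
    sent = [port.outbound(m) for m in ("02:00:00:00:00:02", "02:00:00:00:00:03")]
    return seen, sent, port.traps
```

In the constructed run, the second device is authorized only because it was the first to send traffic while a slot was still open, which is the effect of entering fewer MAC addresses than the Address Limit allows.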