HP 2600 Series User Manual

Page 237


Configuring and Monitoring Port Security

Port Security Command Options and Operation

Syntax: port-security [e] < port-list >
            learn-mode < continuous | static | configured | port-access >

Continuous (Default): Appears in the factory-default setting or when you execute no port-security. Allows the port to learn addresses from inbound traffic from any device(s) to which it is connected. In this state, the port accepts traffic from any device(s) to which it is connected. Addresses learned this way appear in the switch and port address tables and age out according to the MAC Age Interval in the System Information configuration screen of the Menu interface or the show system-information listing.

Static: The static-learn option enables you to use the mac-address parameter to specify the MAC addresses of the devices authorized for a port, and the address-limit parameter to specify the number of MAC addresses authorized for the port. You can authorize specific devices for the port, while still allowing the port to accept other, non-specified devices until the port reaches the configured address limit. That is, if you enter fewer MAC addresses than you authorized, the port fills the remainder of the address allowance with MAC addresses it automatically learns. For example, if you specify three authorized devices, but enter only one authorized MAC address, the port adds the one specifically authorized MAC address to its authorized-devices list and the first two additional MAC addresses it detects. If, for example:

– You authorize MAC address 0060b0-880a80 on port A4.

– You allow three devices on port A4, but the port detects these MAC addresses:

1. 080090-1362f2
2. 00f031-423fc1
3. 080071-0c45a1
4. 0060b0-880a80 (the authorized address.)

Port A4 then has the following list of authorized addresses:

080090-1362f2 (The first address detected.)
00f031-423fc1 (The second address detected.)
0060b0-880a80 (The authorized address.)

The remaining MAC address, 080071-0c45a1, is an intruder.

See also “Retention of Static Addresses” on page 9-10.

Caution: When you use learn-mode static with a device limit
greater than the number of MAC addresses you specify with
mac-address, an unwanted device can become “authorized”.
This can occur because the port, in order to fulfill the number of
devices allowed by address-limit, automatically adds devices it
detects until it reaches the specified limit.
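
The following Python sketch models the static learn-mode behavior described above so the effect of address-limit can be checked before a port is configured. It is an added example, not code from the manual or from the switch; the function and variable names are hypothetical, and the model assumes only what the text states (entered addresses always keep their place, remaining places go to the first addresses detected).

```python
# Added illustration: a model of learn-mode static as the text describes it,
# not switch firmware. All names here are hypothetical.

def static_learn(configured, address_limit, detected):
    """Return (authorized, intruders) for one port.

    configured    -- MACs entered with mac-address (always authorized)
    address_limit -- value of address-limit for the port
    detected      -- source MACs in the order the port sees them
    """
    configured = list(dict.fromkeys(configured))   # drop duplicates, keep order
    if len(configured) > address_limit:
        raise ValueError("more mac-address entries than address-limit allows")
    free_slots = address_limit - len(configured)   # places left for auto-learning
    learned, intruders = [], []
    for mac in detected:
        if mac in configured or mac in learned:
            continue                               # already authorized
        if len(learned) < free_slots:
            learned.append(mac)                    # fills the remaining allowance
        elif mac not in intruders:
            intruders.append(mac)                  # limit reached: intruder
    return learned + configured, intruders


def unpinned_slots(configured, address_limit):
    """Places that any detected device can claim (the Caution's risk)."""
    return address_limit - len(set(configured))


# Detection order from the port A4 example in the text.
DETECTED = ["080090-1362f2", "00f031-423fc1", "080071-0c45a1", "0060b0-880a80"]
ENTERED = ["0060b0-880a80"]

if __name__ == "__main__":
    for limit in (3, 1):
        authorized, intruders = static_learn(ENTERED, limit, DETECTED)
        print(f"address-limit {limit}: open places = "
              f"{unpinned_slots(ENTERED, limit)}")
        print("  authorized:", ", ".join(authorized))
        print("  intruders: ", ", ".join(intruders) or "none")
```

With address-limit equal to the number of addresses entered with mac-address, the model leaves no open places, so only the entered address is authorized.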
