HP 2600 Series User Manual

9-16

Configuring and Monitoring Port Security
Port Security Command Options and Operation

To remove a device (MAC address) from the “Authorized” list and when the
current number of devices equals the Address Limit value, you should first
reduce the Address Limit value by 1, then remove the unwanted device.

N o t e

When you have configured the switch for

learn-mode static operation, you can

reduce the address limit below the number of currently authorized addresses
on a port. This enables you to subsequently remove a device from the “Autho-
rized” list without opening the possibility for an unwanted device to automat-
ically become authorized. (If you use learn-mode configured instead, the
switch cannot automatically add detected devices not included in the

mac-

address configuration. Refer to the Note on page 9-8.)

For example, suppose port A1 is configured as shown below and you want to
remove 0c0090-123456 from the Authorized Address list:

Figure 9-7. Example of Two Authorized Addresses on Port A1

The following command serves this purpose by removing 0c0090-123456 and
reducing the Address Limit to 1:

ProCurve(config)# port-security a1 address-limit 1

ProCurve(config)# no port-security a1 mac-address 0c0090-

123456

The above command sequence results in the following configuration for port
A1:

When removing 0c0090-123456, first
reduce the Address Limit by 1 to prevent
the port from automatically adding another
device that it detects on the network.