HP ProCurve 9304M Security Manual page 118

Routing switches

Hide thumbs Also See for ProCurve 9304M:

Management and configuration manual (690 pages)

Installation and configuration manual (504 pages)

Installation and getting started manual (348 pages)

Table Of Contents

100

101

102

103

104

105

106

107

108

109

110

111

112

113

114

115

116

117

118

119

120

121

122

123

124

125

126

127

128

129

130

131

132

133

134

135

136

137

138

139

140

141

142

143

144

145

146

147

148

149

150

151

152

153

154

155

156

157

158

159

160

161

162

163

164

165

166

167

168

169

170

171

172

page of 172

/ 172
Contents
Table of Contents
Bookmarks

Table of Contents

Security Guide for ProCurve 9300/9400 Series Routing Switches

Configuring the MAC Port Security Feature

To configure the MAC port security feature, you perform the following tasks:

•

Enable the MAC port security feature

•

Set the maximum number of secure MAC addresses for an interface

•

Set the port security age timer

•

Specify secure MAC addresses

•

Configure the device to automatically save secure MAC addresses to the startup-config file

•

Specify the action taken when a security violation occurs

Enabling the MAC Port Security Feature

By default, the MAC port security feature is disabled on all interfaces. You can enable or disable the feature

globally on all interfaces at once or on individual interfaces.

To enable the feature on all interfaces at once:

ProCurveRS(config)# port security

ProCurveRS(config-port-security)# enable

To disable the feature on all interfaces at once:

ProCurveRS(config)# port security

ProCurveRS(config-port-security)# no enable

To enable the feature on a specific interface:

ProCurveRS(config)# int e 7/11

ProCurveRS(config-if-e100-7/11)# port security

ProCurveRS(config-port-security-e100-7/11)# enable

Syntax: port security

Syntax: [no] enable

Setting the Maximum Number of Secure MAC Addresses for an Interface

When the port security feature is enabled, the interface can store 1 secure MAC address. You can increase the

number of MAC addresses that can be secured to a maximum of 64, plus the total number of global resources

available.

For example, to configure interface 7/11 to have a maximum of 10 secure MAC addresses:

ProCurveRS(config)# int e 7/11

ProCurveRS(config-if-e100-7/11)# port security

ProCurveRS(config-if-e100-7/11)# maximum 10

Syntax: maximum <number-of-addresses>

The <number-of-addresses> parameter can be set to a number from 0 – (64 + the total number of global

resources available) The total number of global resources is 2048 or 4096, depending on flash memory size.

Setting the parameter to 0 prevents any addresses from being learned. The default is 1.

Setting the Port Security Age Timer

By default, the learned MAC addresses stay secure indefinitely. You can optionally configure the device to age out

secure MAC addresses after a specified amount of time.

To set the port security age timer to 10 minutes on all interfaces:

ProCurveRS(config)# port security

ProCurveRS(config-port-security)# age 10

5 - 2

June 2005

Table of Contents

This manual is also suitable for:

J4139aProcurve 9308mJ4874a Procurve 9408sl J4138a J8680a ... Show all

HP ProCurve 9304M Security Manual page 118

Related Manuals for HP ProCurve 9304M

Related Products for HP ProCurve 9304M

This manual is also suitable for:

Table of Contents