HP ProCurve 9304M Security Manual page 130

Security Guide for ProCurve 9300/9400 Series Routing Switches
ProCurveRS(config-if-e100-3/1)# mac-authentication disable-aging
Syntax: [no] mac-authentication disable-aging
Specifying the Aging Time for Blocked MAC Addresses
When the HP device is configured to drop traffic from non-authenticated MAC addresses, traffic from the blocked
MAC addresses is dropped in hardware, without being sent to the CPU. A Layer 2 CAM entry is created that
drops traffic from the blocked MAC address in hardware. If no traffic is received from the blocked MAC address for
a certain amount of time, this Layer 2 CAM entry is aged out. If traffic is subsequently received from the MAC
address, then an attempt can be made to authenticate the MAC address again.
Aging of the Layer 2 CAM entry for a blocked MAC address occurs in two phases, known as hardware aging and
software aging. The hardware aging period is fixed at 70 seconds and is non-configurable. The software aging
time is configurable through the CLI.
Once the HP device stops receiving traffic from a blocked MAC address, the hardware aging begins and lasts for a
fixed period of time. After the hardware aging period ends, the software aging period begins. The software aging
period lasts for a configurable amount of time (by default 120 seconds). After the software aging period ends, the
blocked MAC address ages out, and can be authenticated again if the HP device receives traffic from the MAC
address.
To change the length of the software aging period for blocked MAC addresses, enter a command such as the
following:
ProCurveRS(config)# mac-authentication max-age 180
Syntax: [no] mac-authentication max-age <seconds>
You can specify from 1 – 65535 seconds. The default is 120 seconds.
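The two-phase aging described above, as an added example (not from the HP manual): a simplified Python model that labels each frame from a blocked MAC address as dropped during hardware aging, dropped during software aging, or arriving after the entry aged out. It assumes that any frame seen while the drop entry exists restarts aging from the hardware phase and that every new authentication attempt is rejected again; the function names are hypothetical.

```python
HARDWARE_AGING = 70      # seconds; fixed and non-configurable per the manual
DEFAULT_MAX_AGE = 120    # seconds; default software aging (mac-authentication max-age)


def quiet_time_needed(max_age=DEFAULT_MAX_AGE):
    """Seconds of silence before a blocked MAC's Layer 2 CAM drop entry ages out."""
    if not 1 <= max_age <= 65535:
        raise ValueError("max-age must be 1-65535 seconds")
    return HARDWARE_AGING + max_age


def classify_frames(blocked_at, frame_times, max_age=DEFAULT_MAX_AGE):
    """Label each frame from a MAC that failed authentication at blocked_at.

    Outcomes: 'hw-drop' (frame arrived during hardware aging), 'sw-drop'
    (during software aging), 'reauth' (entry aged out, new attempt made).
    Assumptions of this model: any frame restarts aging from the hardware
    phase, and every new attempt is rejected, so the MAC is blocked again.
    """
    need = quiet_time_needed(max_age)
    last_seen = blocked_at
    results = []
    for t in sorted(frame_times):
        if t < blocked_at:
            raise ValueError("frame precedes the time the MAC was blocked")
        silent = t - last_seen
        if silent >= need:
            outcome = "reauth"
        elif silent >= HARDWARE_AGING:
            outcome = "sw-drop"
        else:
            outcome = "hw-drop"
        results.append((t, outcome))
        last_seen = t
    return results


if __name__ == "__main__":
    frames = [30, 60, 200, 380, 600]   # constructed arrival times, in seconds
    for max_age in (DEFAULT_MAX_AGE, 180):
        print(f"max-age {max_age}: entry ages out after {quiet_time_needed(max_age)} s of silence")
        for t, outcome in classify_frames(0, frames, max_age):
            print(f"  t={t:>4}s  {outcome}")
```

In this model the frame at t=600 follows 220 seconds of silence, so it triggers a new authentication attempt with the default max-age of 120 but is still dropped with max-age 180.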
Displaying Multi-Device Port Authentication Information
You can display the following information about the multi-device port authentication configuration:
Information about authenticated MAC addresses
Information about the multi-device port authentication configuration
Authentication Information for a specific MAC address or port
Multi-device port authentication settings and authenticated MAC addresses for each port where the multi-device port authentication feature is enabled
The MAC addresses that have been successfully authenticated
The MAC addresses for which authentication was not successful
Displaying Authenticated MAC Address Information
To display information about authenticated MAC addresses on the ports where the multi-device port authentication
feature is enabled, enter the following command:
ProCurveRS# show authenticated-mac-address
----------------------------------------------------------------------
Port    Vlan    Accepted MACs    Rejected MACs    Attempted-MACs
----------------------------------------------------------------------
1/18    100     1                100              0
1/20    40      0                0                0
1/22    100     0                0                0
4/5     30      0                0                0
Syntax: show authenticated-mac-address
June 2005
