Configuring Device Security
Managing Port Security
Network security can be increased by limiting access on a specific port only to users with
specific MAC addresses. The MAC addresses can be dynamically learned or statically
configured. Locked port security monitors both received and learned packets that are received on
specific ports. Access to the locked port is limited to users with specific MAC addresses. These
addresses are either manually defined on the port, or learned on that port up to the point when it
is locked. When a packet is received on a locked port, and the packet source MAC address is not
tied to that port (either it was learned on a different port, or it is unknown to the system), the
protection mechanism is invoked, and can provide various options. Unauthorized packets
arriving at a locked port are either:
■
Forwarded
■
Discarded with no trap
■
Discarded with a trap
■
Cause the port to be shut down.
Locked port security also enables storing a list of MAC addresses in the configuration file. The
MAC address list can be restored after the device has been reset.
Disabled ports are activated from the Port Security page.
To define port security:
1. Click Network Security > Traffic Control > Port Security. The Port Security page opens:
Port Security
The Port Security page contains the following fields:
❏
Ports — Displays the port security information for ports.
❏
LAGs — Displays the port security information for LAGs.
❏
Interface — Displays the port or LAG name.
❏
Interface Status — Indicates the port security status. The possible field values are:
◆
Unlocked — Indicates the port is currently unlocked. This is the default value.
4-42
www.hp.com
Embedded Web System User Guide