Enabling Port Security Traps; Configuring Secure Mac Addresses - HP 6600 Security Configuration Manual

Step
3. Configure the intrusion
protection feature.
4. Return to system view.
5. Set the silence timeout period
during which a port remains
disabled.

Enabling port security traps

You can configure the port security module to send traps for the following categories of events:
addresslearned—Learning of new MAC addresses.
•
dot1xlogfailure/dot1xlogon/dot1xlogoff—802.1X authentication failure, success, and 802.1X
•
user logoff.
• ralmlogfailure/ralmlogon/ralmlogoff—MAC authentication failure, MAC authentication user
logon, and MAC authentication user logoff.
intrusion—Detection of illegal frames.
•
To enable port security traps:
Step
1. Enter system view.
2. Enable port
security traps.

Configuring secure MAC addresses

Secure MAC addresses are configured or learned in autoLearn mode and can survive link down/up
events. You can bind a secure MAC address to only one port in a VLAN.
IMPORTANT:
When the maximum number of secure MAC address entries is reached, the port changes to secure mode,
and no more secure MAC addresses can be added or learned. The port allows only frames sourced from
a secure MAC address or a MAC address configured by using the mac-address dynamic or mac-address
static command to pass through.
Secure MAC addressesinclude static, sticky, and dynamic secure MAC addresses.
Command
port-security intrusion-mode
{ blockmac | disableport |
disableport-temporarily }
quit
port-security timer disableport
time-value
Command
system-view
port-security trap { addresslearned | dot1xlogfailure
| dot1xlogoff | dot1xlogon | intrusion |
ralmlogfailure | ralmlogoff | ralmlogon }
185
Remarks
By default, intrusion protection is
disabled.
N/A
Optional.
20 seconds by default.
Remarks
N/A
By default, port security
traps are disabled.