HP ProCurve 9304M Security Manual page 117

Overview
You can configure the HP device to learn a limited number of "secure" MAC addresses on an interface. The
interface will forward only packets with source MAC addresses that match these secure addresses. The secure
MAC addresses can be specified manually, or the HP device can learn them automatically. After the device
reaches the limit for the number of secure MAC addresses it can learn on the interface, if the interface then
receives a packet with a source MAC address that is different from any of the secure learned addresses, it is
considered a security violation.
When a security violation occurs, a Syslog entry and an SNMP trap are generated. In addition, the device takes
one of two actions: either drops packets from the violating address (and allows packets from the secure
addresses), or disables the port altogether for a specified amount of time. You specify which of these actions
takes place.
The secure MAC addresses are not flushed when an interface is disabled and brought up again. The secure
addresses can be kept secure permanently (the default), or can be configured to age out, at which time they are
no longer secure. You can configure the device to automatically save the list of secure MAC addresses to the
startup-config file at specified intervals, allowing addresses to be kept secure across system restarts.
The port security feature applies only to Ethernet interfaces.
Local and Global Resources
The port security feature uses a concept of local and global "resources" to determine how many MAC addresses
can be secured on each interface. In this context, a "resource" is the ability to store one secure MAC address
entry. Each interface is allocated 64 local resources. Additional global resources are shared among all the
interfaces on the device.
When the port security feature is enabled, the interface can store 1 secure MAC address. You can increase the
number of MAC addresses that can be secured using local resources to a maximum of 64.
Besides the maximum of 64 local resources available to an interface, there are additional global resources.
Depending on flash memory size, a device can have 1024, 2048, or 4096 global resources available. When an
interface has secured enough MAC addresses to reach its limit for local resources, it can secure additional MAC
addresses by using global resources. Global resources are shared among all the interfaces on a first-come,
first-served basis.
The maximum number of MAC addresses any single interface can secure is 64 (the maximum number of local
resources available to the interface), plus the number of global resources not allocated to other interfaces.
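The resource accounting described above can be modelled in a few lines. This is an added example, not code from the manual or the device: the class, method and port names are hypothetical, the MAC addresses are constructed, and the "no-resource" outcome is an assumption, because this page does not say what happens when the global pool is empty before an interface reaches its configured limit.

```python
LOCAL_MAX = 64  # local resources per interface, per the manual

def mac(i):
    """Constructed sample MAC address (locally administered prefix)."""
    return "02:00:00:00:%02x:%02x" % (i >> 8, i & 0xFF)

class Device:
    """Hypothetical model of local/global secure-MAC resources."""
    def __init__(self, global_pool=1024):      # manual: 1024, 2048 or 4096
        self.global_free = global_pool
        self.ports = {}

    def add_port(self, name, limit=1):          # 1 secure MAC when first enabled
        self.ports[name] = {"limit": limit, "secure": set(), "global_used": 0}

    def max_secure(self, name):
        """64 local resources plus global resources not held by other ports."""
        return LOCAL_MAX + self.ports[name]["global_used"] + self.global_free

    def frame(self, name, src):
        """Classify a frame by source MAC: forward, learned, violation, no-resource."""
        p = self.ports[name]
        if src in p["secure"]:
            return "forward"
        if len(p["secure"]) >= p["limit"]:
            return "violation"                  # real device: Syslog entry and SNMP trap
        if len(p["secure"]) >= LOCAL_MAX:       # local resources used up
            if self.global_free == 0:
                return "no-resource"            # assumption: not stated in the manual
            self.global_free -= 1               # first-come, first-served
            p["global_used"] += 1
        p["secure"].add(src)
        return "learned"

if __name__ == "__main__":
    dev = Device(1024)
    dev.add_port("A", limit=1)
    dev.add_port("B", limit=2000)
    dev.add_port("C", limit=100)
    print([dev.frame("A", mac(i)) for i in (1, 1, 2)])
    for i in range(1088):                       # port B drains the shared pool
        dev.frame("B", mac(i))
    print(dev.global_free, dev.max_secure("B"), dev.max_secure("C"))
```

Once port B has drawn every global resource, port C can secure at most its 64 local entries even though its configured limit is 100, which is the practical consequence of first-come, first-served sharing when sizing limits across interfaces.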
June 2005
Using the MAC Port Security Feature
Chapter 5
5 - 1
