HP ProCurve 9304M Security Manual page 119

Using the MAC Port Security Feature
To set the port security age timer to 10 minutes on a specific interface:
ProCurveRS(config)# int e 7/11
ProCurveRS(config-if-e100-7/11)# port security
ProCurveRS(config-port-security-e100-7/11)# age 10
Syntax: [no] age <minutes>
The default is 0 (never age out secure MAC addresses).
Specifying Secure MAC Addresses
To specify a secure MAC address on an interface, enter commands such as the following:
ProCurveRS(config)# int e 7/11
ProCurveRS(config-if-e100-7/11)# port security
ProCurveRS(config-port-security-e100-7/11)# secure 0050.DA18.747C
Syntax: [no] secure <mac-address>
Autosaving Secure MAC Addresses to the Startup-Config File
The learned MAC addresses can automatically be saved to the startup-config file at specified intervals. For
example, to automatically save learned secure MAC addresses on the device every twenty minutes, enter the
following commands:
ProCurveRS(config)# port security
ProCurveRS(config-port-security)# autosave 20
Syntax: [no] autosave <minutes>
You can specify from 15 – 1440 minutes. By default, secure MAC addresses are not autosaved to the
startup-config file.
Specifying the Action Taken when a Security Violation Occurs
A security violation can occur when a user tries to plug into a port where a MAC address is already locked, or the
maximum number of secure MAC addresses has been exceeded. When a security violation occurs, an SNMP
trap and Syslog message are generated.
In addition, you can configure the device to take one of two actions when a security violation occurs: either drop
packets from the violating address (and allow packets from secure addresses), or disable the port altogether for a
specified amount of time.
To configure the device to drop packets from a violating address and allow packets from secure addresses:
ProCurveRS(config)# int e 7/11
ProCurveRS(config-if-e100-7/11)# port security
ProCurveRS(config-port-security-e100-7/11)# violation restrict
Syntax: violation restrict
To shut down the port for 5 minutes when a security violation occurs:
ProCurveRS(config)# int e 7/11
ProCurveRS(config-if-e100-7/11)# port security
ProCurveRS(config-port-security-e100-7/11)# violation shutdown 5
Syntax: violation shutdown <minutes>
You can specify from 0 – 1440 minutes. Specifying 0 shuts down the port permanently when a security violation
occurs.
NOTE: When using this feature with a 24-port 10/100 module (part number J4140A) only the shutdown option
is supported. The restrict option is not supported on the J4140A.
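The following Python linter is an added example, not part of the HP manual: it checks a pasted CLI session against the limits stated on this page (autosave 15 to 1440 minutes, violation shutdown 0 to 1440 minutes, no restrict option on a J4140A). The function names, the sample session, the slot-from-port-number mapping and the strict dotted MAC check are assumptions.

```python
import re

# Prompt and MAC shapes as printed on this page; treating the dotted MAC form
# as the only accepted one is an assumption.
PROMPT = re.compile(r"^\S+\(config-port-security(?:-\S+-(\d+)/\d+)?\)#\s*(.+)$")
MAC = re.compile(r"^[0-9A-Fa-f]{4}\.[0-9A-Fa-f]{4}\.[0-9A-Fa-f]{4}$")

# Constructed sample session (not from the manual); slot 7 is assumed to be a J4140A.
SAMPLE = """\
ProCurveRS(config)# port security
ProCurveRS(config-port-security)# autosave 10
ProCurveRS(config)# int e 7/11
ProCurveRS(config-if-e100-7/11)# port security
ProCurveRS(config-port-security-e100-7/11)# secure 00:50:DA:18:74:7C
ProCurveRS(config-port-security-e100-7/11)# violation restrict
ProCurveRS(config-port-security-e100-7/11)# violation shutdown 0
"""


def minutes(args):
    """Return the single integer argument, or None if absent or malformed."""
    ok = len(args) == 1 and args[0].isascii() and args[0].isdigit()
    return int(args[0]) if ok else None


def lint(session, j4140a_slots=()):
    """Return (line_no, message) findings; slot = number before '/' (assumption)."""
    findings = []
    for no, line in enumerate(session.splitlines(), 1):
        m = PROMPT.match(line.strip())
        if not m:
            continue  # not entered at a port security prompt
        slot, (verb, *args) = m.group(1), m.group(2).split()
        if verb == "secure" and not (len(args) == 1 and MAC.match(args[0])):
            findings.append((no, "secure: expected a MAC such as 0050.DA18.747C"))
        elif verb == "autosave" and not 15 <= (minutes(args) or 0) <= 1440:
            findings.append((no, "autosave: minutes must be 15-1440"))
        elif verb == "violation" and args == ["restrict"]:
            if slot is not None and int(slot) in j4140a_slots:
                findings.append((no, "violation restrict: not supported on J4140A"))
        elif verb == "violation" and args[:1] == ["shutdown"]:
            mins = minutes(args[1:])
            if mins is None or mins > 1440:
                findings.append((no, "violation shutdown: minutes must be 0-1440"))
            elif mins == 0:
                findings.append((no, "violation shutdown 0: port stays down permanently"))
        elif verb == "violation":
            findings.append((no, "violation: expected restrict or shutdown <minutes>"))
    return findings
```

Calling `lint(SAMPLE, j4140a_slots={7})` reports the out-of-range autosave, the malformed MAC, the unsupported restrict action and the permanent shutdown, each with its line number in the session.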
June 2005
5 - 3
