Eavesdrop Protection (Series 5300Xl Switches) - HP ProCurve 6400cl Series Access Security Manual
Hide thumbs
Also See for ProCurve 6400cl Series:
- Management and configuration manual (508 pages) ,
- Installation and getting started manual (84 pages) ,
- Management manual (664 pages)
Table of Contents
Advertisement
N o t e
•
Limited-Continuous: Sets a finite limit ( 1 - 32 ) to the number of
learned addresses allowed per port.
•
Static: Enables you to set a fixed limit on the number of MAC
addresses authorized for the port and to specify some or all of the
authorized addresses. (If you specify only some of the authorized
addresses, the port learns the remaining authorized addresses from
the traffic it receives from connected devices.)
•
Configured: Requires that you specify all MAC addresses authorized
for the port. The port is not allowed to learn addresses from inbound
traffic.
■
Authorized (MAC) Addresses: Specify up to eight devices (MAC
addresses) that are allowed to send inbound traffic through the port. This
feature:
•
Closes the port to inbound traffic from any unauthorized devices
that are connected to the port.
•
Provides the option for sending an SNMP trap notifying of an
attempted security violation to a network management station
and, optionally, disables the port. (For more on configuring the
switch for SNMP management, see "Trap Receivers and Authen
tication Traps" in the Management and Configuration Guide for
your switch.)
Port Access: Allows only the MAC address of a device authenticated
■
through the switch's 802.1X Port-Based access control. Refer to chapter
10, Configuring Port-Based and Client-Based Access Control (802.1X).
For configuration details, refer to "Configuring Port Security" on page 11-11.
Eavesdrop Protection (Series 5300xl Switches)
Configuring port security on a given port automatically enables eavesdrop
protection for that port. This prevents use of the port to flood unicast packets
addressed to MAC addresses unknown to the switch. This blocks unautho
rized users from eavesdropping on traffic intended for addresses that have
aged-out of the switch's address table. (Eavesdrop prevention does not affect
multicast and broadcast traffic, meaning that the switch floods these two
traffic types out a given port regardless of whether port security is enabled on
that port.)
On the Series 5300xl switches, eavesdrop protection is available beginning
with software release E.08.07. As of October 2005, eavesdrop protection is not
available on the Series 3400cl and Series 6400cl switches.
Configuring and Monitoring Port Security
Port Security
11-5
Advertisement
Table of Contents
