Configuring Trapping; Configuring Secure Mac Addresses; Configuration Prerequisites; Configuration Procedure - HP 4800G Series Configuration Manual

Table of Contents

macAddressElseUserLoginSecureExt mode, intrusion protection is triggered only after both MAC

authentication and 802.1X authentication for the same frame fail.

Configuring Trapping

The trapping feature enables a device to send trap information in response to four types of events:

addresslearned: A port learns a new address.

dot1xlogfailure/dot1xlogon/dot1xlogoff: A port learns 802.1x authentication failure/successful

802.1x authentication/802.1x user logoff.

ralmlogfailure/ralmlogoff: A port learns MAC authentication failure/MAC authentication user

intrusion: A port learns illegal frames.

Follow these steps to configure port security trapping:

Enter system view

Enable port security

Secure MAC addresses are special MAC addresses. They never age out or get lost if saved before the

device restarts. One secure MAC address can be added to only one port in the same VLAN. Thus, you

can bind a MAC address to one port in the same VLAN.

Secure MAC addresses can be:

Learned by a port working in autoLearn mode.

Manually configured through the command line interface (CLI) or management information base

When the maximum number of secure MAC addresses is reached, no more can be added. The port

allows only the packets with the source MAC address being the secure MAC address.

Enable port security

Set the maximum number of secure MAC addresses allowed on the port

Set the port security mode to autoLearn

Follow these steps to configure a secure MAC address:

Use the command...

port-security trap { addresslearned |

dot1xlogfailure | dot1xlogoff |

dot1xlogon | intrusion | ralmlogfailure

| ralmlogoff | ralmlogon }

macAddressElseUserLoginSecure

By default, no port security trap

Table of Contents