ProCurve switches.
Configuring and Monitoring Port Security
Port Security Command Options and Operation
Caution
The address-limit setting controls how many MAC addresses are allowed in
the Authorized Addresses list for a given port. If you remove a MAC address
without also reducing the address limit by 1, the port may later detect and
accept the same or another MAC address that you do not want in the
Authorized Address list. Thus, if you use the CLI to remove a MAC address
that is no longer authorized, you should first reduce the Address Limit
(address-limit) integer by 1, as shown in the next example. This prevents
the same device or another device on the network from being automatically
accepted as "authorized" for that port. (You can prevent the port from
learning unauthorized MAC addresses by using the learn-mode configured
option instead of the learn-mode static option. Refer to the Note on page 9-6.)
To remove a device (MAC address) from the "Authorized" list when the
current number of devices equals the Address Limit value, first reduce
the Address Limit value by 1, then remove the unwanted device.
When you have configured the switch for learn-mode static operation, you can
reduce the address limit below the number of currently authorized addresses
on a port. This enables you to subsequently remove a device from the
"Authorized" list without opening the possibility for an unwanted device to
automatically become authorized. (If you use learn-mode configured instead,
the switch cannot automatically add detected devices not included in the
mac-address configuration. Refer to the Note on page 9-6.)
For example, suppose port A1 is configured as shown below and you want to
remove 0c0090-123456 from the Authorized Address list:

    ProCurve(config)# show port-security 1
    Port Security
    Port : 1
    Learn Mode [Continuous] : Static
    Address Limit [1] : 2
    Action [None] : None
    Authorized Addresses

Figure 9-7. Example of Two Authorized Addresses on Port A1

Callout (Address Limit): When removing 0c0090-123456, first reduce the
Address Limit by 1 to prevent the port from automatically adding another
device that it detects on the network.
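
The ordering rule above, as an added example that is not part of the original manual: a small Python helper that reads `show port-security` output, counts the free Authorized Addresses slots a static-mode port could fill on its own, and emits the removal commands in the safe order. It goes slightly beyond the text by lowering the limit to the number of addresses that will remain rather than by exactly 1. Assumptions: the sample output is constructed (its address-list layout and second MAC are made up), a minimum address limit of 1, and command forms built from the address-limit and mac-address keywords named above, to be checked against the switch's CLI reference.

```python
import re

# Constructed sample of `show port-security` output. The MAC lines under
# "Authorized Addresses" are an assumed layout; the second MAC is made up.
SAMPLE = """\
ProCurve(config)# show port-security 1
 Port Security
  Port : 1
  Learn Mode [Continuous] : Static
  Address Limit [1] : 2
  Action [None] : None
  Authorized Addresses
  0c0090-123456
  0c0090-456456
"""
MIN_LIMIT = 1  # assumption: the switch does not accept an address limit of 0
MAC_RE = re.compile(r"[0-9a-f]{6}-[0-9a-f]{6}", re.I)

def parse_port_security(text):
    """Extract port, learn mode, address limit and authorized MACs."""
    def field(name):
        # Skips the "[default]" marker; also works when two fields share a line.
        m = re.search(rf"\b{name}\s*(?:\[[^\]]*\])?\s*:\s*(\S+)", text)
        if not m:
            raise ValueError(f"field not found: {name}")
        return m.group(1)
    macs = [l.strip().lower() for l in text.splitlines() if MAC_RE.fullmatch(l.strip())]
    return {"port": field("Port"), "mode": field("Learn Mode").lower(),
            "limit": int(field("Address Limit")), "macs": macs}

def open_slots(state):
    """Free list entries the port could fill by itself (learn-mode static only)."""
    free = max(state["limit"] - len(state["macs"]), 0)
    return free if state["mode"] == "static" else 0

def removal_plan(state, mac):
    """Return (commands in safe order, slots left open after they run)."""
    mac = mac.lower()
    if mac not in state["macs"]:
        raise ValueError(f"{mac} is not authorized on port {state['port']}")
    after = dict(state, macs=[m for m in state["macs"] if m != mac])
    cmds = []
    if state["mode"] == "static":
        # Lower the limit BEFORE the removal so no free slot ever exists.
        after["limit"] = min(state["limit"], max(len(after["macs"]), MIN_LIMIT))
        if after["limit"] < state["limit"]:
            cmds.append(f"port-security {state['port']} address-limit {after['limit']}")
    cmds.append(f"no port-security {state['port']} mac-address {mac}")
    return cmds, open_slots(after)
```

A nonzero second return value means the port can still learn a device after the removal (for example, when the last address on a limit-1 port is removed); learn-mode configured is the alternative the text names for that case.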


