Using Passwords, Port Security, and Authorized IP Managers To Protect Against Unauthorized Access

 

Configuring and Monitoring Port Security

 

 

Parameter

Description

 

 

 

 

Device

address-limit <integer>

Limit

When Learn Mode is set to Static, specifies how many authorized devices (MAC addresses) to allow. Range:

 

1 (the default) to 8.

 

 

 

Action

action <none send-alarm send-disable>

 

Specifies whether an SNMP trap is sent to a network management station when Learn Mode is set to static

 

and the port detects an unauthorized device, or when Learn Mode is set to continuous and there is an address

 

change on a port.

 

None (the default): Prevents an SNMP trap from being sent.

 

Send Alarm: Causes the switch to send an SNMP trap to a network management station.

 

Send Alarm and Disable: Available only in the static learn-mode. Causes the switch to send an SNMP trap

 

to a network management station and disable the port.

 

For information on configuring the switch for SNMP management, see chapter 8.

 

 

 

Address

mac-address <mac-addr>

Available for static learn mode. Allows up to eight authorized devices (MAC addresses) per port, depending

List

 

on the value specified in the address-limitparameter.

 

If you use mac-addresswith static, but enter fewer devices than you specified in the address-limitfield, the

 

port accepts not only your specified devices, but also as many other devices as it takes to reach the device

 

limit. For example, if you specify four devices, but enter only two MAC addresses, the port will accept the

 

first two non-specified devices it detects, along with the two specifically authorized devices.

 

 

 

Clear

clear-intrusion-flag

Intrusion

Clears the intrusion flag for a specific port. (See “Reading Intrusion Alerts and Resetting Alert Flags” on page

Flag

7-22.)

 

 

 

 

Security, and Authorized

Using Passwords, Port

IP

 

 

 

7-15

Page 155
Image 155
HP 2500 manual Address-limit integer, Mac-address mac-addr, Clear-intrusion-flag