Using Passwords, Port Security, and Authorized IP Managers To Protect Against Unauthorized Access

Configuring and Monitoring Port Security

Although the Address Limit is set to 2, only one device has been authorized for this port. In this case you can add another without having to also increase the Address Limit.

The Address Limit has not been reached.

With the above configuration for port 1, the following command adds the 0c0090-456456 MAC address as the second authorized address.

HP2512(config)# port-security 1 mac-address 0c0090-456456

After executing the above command, the security configuration for port 1 would be:

The Address Limit has been reached.

(The message Inconsistent value appears if the new MAC address exceeds the current Address Limit or specifies a device that is already on the list. Note that if you change a port from static to continuous learn mode, the port retains in memory any authorized addresses it had while in static mode. If you subsequently attempt to convert the port back to static mode with the same authorized address(es), the Inconsistent value message appears because the port already has the address(es) in its “Authorized” list.)
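The rule in this note can be checked before a change window. The following is an added example, not part of the HP manual or the switch software: a small Python model of one port's Authorized Addresses list that predicts whether adding a MAC address would be accepted or would return Inconsistent value. The names `check_add`, `normalize_mac` and `Verdict`, and the already-authorized address `0c0090-aaaaaa`, are assumptions constructed for illustration.

```python
import re
from typing import NamedTuple

class Verdict(NamedTuple):
    accepted: bool       # True if the add fits the port's current settings
    reason: str          # command to run, or why the switch would refuse it
    required_limit: int  # smallest Address Limit that fits the resulting list

def normalize_mac(mac: str) -> str:
    """Return a MAC in the xxxxxx-xxxxxx form used on this page."""
    digits = re.sub(r"[-:.\s]", "", mac).lower()
    if not re.fullmatch(r"[0-9a-f]{12}", digits):
        raise ValueError(f"not a MAC address: {mac!r}")
    return f"{digits[:6]}-{digits[6:]}"

def check_add(port: int, address_limit: int,
              authorized: list[str], new_mac: str) -> Verdict:
    """Model of the rule stated above (not the switch firmware):
    a duplicate address, or one that would exceed the Address Limit,
    produces 'Inconsistent value'."""
    current = {normalize_mac(m) for m in authorized}
    mac = normalize_mac(new_mac)
    if mac in current:
        # Also covers a port returned to static mode with addresses
        # it retained in memory from before.
        return Verdict(False,
                       f"Inconsistent value: {mac} is already authorized",
                       address_limit)
    required = len(current) + 1
    if required > address_limit:
        return Verdict(False,
                       f"Inconsistent value: list is full "
                       f"({len(current)}/{address_limit})",
                       required)
    return Verdict(True, f"port-security {port} mac-address {mac}",
                   address_limit)

if __name__ == "__main__":
    # Constructed state for port 1: Address Limit 2, one device authorized.
    port1 = ["0c0090-aaaaaa"]
    for candidate in ("0c0090-456456", "0C:00:90:AA:AA:AA"):
        print(candidate, "->", check_add(1, 2, port1, candidate))
    # After the page's command succeeds the list is full.
    port1.append("0c0090-456456")
    print(check_add(1, 2, port1, "0c0090-bbbbbb"))
```

A refused add with `required_limit` above the current limit means the Address Limit must be raised before the address can be authorized.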

If you are adding a device (MAC address) to a port on which the Authorized Addresses list is already full (as controlled by the port’s current Address Limit setting), then you must increase the Address Limit in order to add the device, even if you want to replace one device with another. Using the CLI, you can simultaneously increase the limit and add the MAC address with a single command. For example, suppose port 1 allows one authorized device and already has a device listed:
