Configuring and Monitoring Port Security

Planning Port Security

Planning Port Security

1.Plan your port security configuration and monitoring according to the following:

a.On which ports do you want port security?

b.Which devices (MAC addresses) are authorized on each port and how many devices do you want to allow per port (up to 8)?

c.Within the devices-per-port limit, do you want to let the switch automatically accept devices it detects on a port, or do you want it to accept only the devices you explicitly specify? (For example, if you allow three devices on a given port, but specify only one MAC address for that port, do you want the switch to automatically accept the first two additional devices it detects, or not?)

d.For each port, what security actions do you want? (The switch automatically blocks intruders detected on that port from transmit- ting to the network.) You can configure the switch to (1) send intrusion alarms to an SNMP management station and to (2) option- ally disable the port on which the intrusion was detected.

e.How do you want to learn of the security violation attempts the switch detects? You can use one or more of these methods:

Through network management (That is, do you want an SNMP trap sent to a net management station when a port detects a security violation attempt?)

Through the switch’s Intrusion Log, available through the CLI, menu, and web browser interface

Through the Event Log (in the menu interface or through the CLI show log command)

2.Use the CLI or web browser interface to configure port security operating and address controls. The following table describes the parameters.

9-5

Page 235
Image 235
HP 2650 (J4899A/B), 4100gl, 2626 (J4900A/B), 2600-PWR, 6108 manual Planning Port Security