Configuring and Monitoring Port Security

Port Security Command Options and Operation

Note

You can reduce the address limit below the number of currently authorized addresses on a port. This enables you to subsequently remove a device from the “Authorized” list without opening the possibility for an unwanted device to automatically become authorized.

For example, suppose port A1 is configured as shown below and you want to remove 0c0090-123456 from the Authorized Address list:

When removing 0c0090-123456, first reduce the Address Limit by 1 to prevent the port from automatically adding another device that it detects on the network.

Figure 7-7. Example of Two Authorized Addresses on Port A1

The following commands serve this purpose by reducing the Address Limit to 1 and removing 0c0090-123456:

HPswitch(config)# port-security a1 address-limit 1
HPswitch(config)# no port-security a1 mac-address 0c0090-123456

The above command sequence results in the following configuration for port A1:

Figure 7-8. Example of Port A1 After Removing One MAC Address
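
The ordering rule above, generalized to removing any number of addresses from a port, as an added example that is not part of the original manual. The helper names, the second MAC address, the simple free-slot model, and the assumption that the address limit cannot be set below 1 are constructed for illustration.

```python
import re

# MAC notation as written on this page: xxxxxx-xxxxxx (hex digits)
MAC_RE = re.compile(r"^[0-9a-f]{6}-[0-9a-f]{6}$")

def plan_removal(port, authorized, limit, remove):
    """Return the CLI lines that remove `remove` from the port's authorized
    list, lowering the address limit FIRST so no learning slot is ever free."""
    authorized = [m.lower() for m in authorized]
    remove = list(dict.fromkeys(m.lower() for m in remove))  # dedupe, keep order
    for mac in remove:
        if not MAC_RE.match(mac):
            raise ValueError(f"bad MAC format: {mac}")
        if mac not in authorized:
            raise ValueError(f"{mac} is not authorized on {port}")
    remaining = len(authorized) - len(remove)
    if remaining < 1:
        # Assumption: the limit cannot be set below 1, so removing every
        # address would always leave one slot open for auto-learning.
        raise ValueError("removal would leave a free slot; handle manually")
    cmds = []
    if limit > remaining:
        cmds.append(f"port-security {port} address-limit {remaining}")
    cmds += [f"no port-security {port} mac-address {m}" for m in remove]
    return cmds

def max_free_slots(authorized, limit, cmds):
    """Replay `cmds` against a simple model of the port and return the largest
    number of free (auto-learnable) slots seen after any single command."""
    macs, worst = {m.lower() for m in authorized}, 0
    for cmd in cmds:
        words = cmd.split()
        if words[0] == "no":
            macs.discard(words[-1])      # no port-security <port> mac-address <mac>
        else:
            limit = int(words[-1])       # port-security <port> address-limit <n>
        worst = max(worst, limit - len(macs))
    return worst

if __name__ == "__main__":
    # Constructed sample state: the second MAC is a placeholder, not from the page.
    current = ["0c0090-123456", "0c0090-aaaaaa"]
    safe = plan_removal("a1", current, 2, ["0c0090-123456"])
    for line in safe:
        print("HPswitch(config)#", line)
    print("free slots, limit lowered first:", max_free_slots(current, 2, safe))
    print("free slots, MAC removed first:  ", max_free_slots(current, 2, safe[::-1]))
```

Running the two commands in the opposite order leaves one free slot between them, which is the window the note describes.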
