Configuring and Monitoring Port Security

Port Security

Delete it by using no port-security < port-number> mac-address < mac-addr>.

Download a configuration file that does not include the unwanted MAC address assignment.

Reset the switch to its factory-default configuration.

Specifying Authorized Devices and Intrusion Responses. Thisexample configures port A1 to automatically accept the first device (MAC address) it detects as the only authorized device for that port. (The default device limit is 1.) It also configures the port to send an alarm to a network management station and disable itself if an intruder is detected on the port.

ProCurve(config)# port-security a1 learn-mode static action send-disable

The next example does the same as the preceding example, except that it specifies a MAC address of 0c0090-123456 as the authorized device instead of allowing the port to automatically assign the first device it detects as an authorized device.

ProCurve(config)# port-security a1 learn-mode static mac-address 0c0090-123456 action send-disable

This example configures port A5 to:

Allow two MAC addresses, 00c100-7fec00 and 0060b0-889e00, as the authorized devices.

Send an alarm to a management station if an intruder is detected on the port, but allow the intruder access to the network.

ProCurve(config)# port-security a5 learn-mode static address-limit 2 mac-address 00c100-7fec00 0060b0-889e00 action send-alarm

If you manually configure authorized devices (MAC addresses) and/or an alarm action on a port, those settings remain unless you either manually change them or the switch is reset to its factory-default configuration. You can “turn off” authorized devices on a port by configuring the port to continuous Learn Mode, but subsequently reconfiguring the port to static Learn Mode restores those authorized devices.

11-18