Configuring and Monitoring Port Security

Port Security Command Options and Operation

The following command example shows the option for entering a range of ports, including a series of non-contiguous ports. Note that no spaces are allowed in the port number portion of the command string:

ProCurve(config)# show port-security A1-A3,A6,A8

Configuring Port Security

Using the CLI, you can:

Configure port security and edit security settings.

Add or delete devices from the list of authorized addresses for one or more ports.

Clear the Intrusion flag on specific ports.

Syntax: port-security [e] < port-list >
        [learn-mode < continuous | static | configured | port-access >]
        [address-limit < integer >]
        [mac-address < mac-addr >] [< mac-addr > . . . < mac-addr >]
        [action < none | send-alarm | send-disable >]
        [clear-intrusion-flag]

(For the configured option, above, refer to the Note on page 9-6.)

no port-security < port-list > mac-address < mac-addr > [< mac-addr > . . . < mac-addr >]
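
As an added example (not from the ProCurve manual), the Python helper below checks a port list and the option values against the syntax above before a command is pushed to a switch, which catches typos such as a space inside the port list or a misspelled action. The function names, the optional-slot-letter port format, the single-slot range restriction and the xxxxxx-xxxxxx MAC form are assumptions inferred from the examples on this page.

```python
import re

# Option values copied from the Syntax block on this page.
LEARN_MODES = {"continuous", "static", "configured", "port-access"}
ACTIONS = {"none", "send-alarm", "send-disable"}
# Assumptions: a port is an optional slot letter plus a number (A1, A8), and
# MAC addresses use the xxxxxx-xxxxxx form of the page's example address.
PORT_RE = re.compile(r"^([A-Za-z]?)(\d+)$")
MAC_RE = re.compile(r"^[0-9a-fA-F]{6}-[0-9a-fA-F]{6}$")


def expand_port_list(port_list):
    """Expand 'A1-A3,A6,A8' into ['A1', 'A2', 'A3', 'A6', 'A8']."""
    if not port_list or any(ch.isspace() for ch in port_list):
        raise ValueError("port list must be non-empty and contain no spaces")
    ports = []
    for item in port_list.split(","):
        ends = [PORT_RE.match(p) for p in item.split("-")]
        if len(ends) > 2 or not all(ends):
            raise ValueError(f"bad port or range: {item!r}")
        slot = ends[0].group(1).upper()
        lo, hi = int(ends[0].group(2)), int(ends[-1].group(2))
        if ends[-1].group(1).upper() != slot or hi < lo:
            raise ValueError(f"range must ascend within one slot: {item!r}")
        ports.extend(f"{slot}{n}" for n in range(lo, hi + 1))
    return ports


def build_port_security(port_list, learn_mode=None, address_limit=None,
                        macs=(), action=None):
    """Return one validated port-security command line (hypothetical helper)."""
    expand_port_list(port_list)  # raises ValueError on a malformed port list
    if learn_mode not in LEARN_MODES | {None} or action not in ACTIONS | {None}:
        raise ValueError("learn-mode or action is not a documented value")
    if address_limit is not None and int(address_limit) < 1:
        raise ValueError("address-limit must be a positive integer")
    bad = [m for m in macs if not MAC_RE.match(m)]
    if bad:
        raise ValueError(f"MAC not in xxxxxx-xxxxxx form: {bad}")
    parts = ["port-security", port_list]
    if learn_mode:
        parts += ["learn-mode", learn_mode]
    if address_limit is not None:
        parts += ["address-limit", str(address_limit)]
    if macs:
        parts += ["mac-address", *macs]
    if action:
        parts += ["action", action]
    return " ".join(parts)
```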

Specifying Authorized Devices and Intrusion Responses

Learn-Mode Static. This example configures port A1 to automatically accept the first device (MAC address) it detects as the only authorized device for that port. (The default device limit is 1.) It also configures the port to send an alarm to a network management station and disable itself if an intruder is detected on the port.

ProCurve(config)# port-security a1 learn-mode static action send-disable

The next example does the same as the preceding example, except that it specifies a MAC address of 0c0090-123456 as the authorized device instead of allowing the port to automatically assign the first device it detects as an authorized device.
