Configuring and Monitoring Port Security
Port Security Command Options and Operation
ProCurve(config)# port-security a1 learn-mode static mac-address 0c0090-123456 action send-disable
This example configures port A5 to:
■Allow two MAC addresses, 00c100-7fec00 and 0060b0-889e00, as the authorized devices.
■Send an alarm to a management station if an intruder is detected on the port.
ProCurve(config)# port-security a5 learn-mode static address-limit 2 mac-address 00c100-7fec00 0060b0-889e00 action send-alarm
If you manually configure authorized devices (MAC addresses) and/or an alarm action on a port, those settings remain unless you either manually change them or reset the switch to its factory-default configuration. You can “turn off” device authorization on a port by configuring the port to continuous Learn Mode, but subsequently reconfiguring the port to static Learn Mode restores the configured device authorization.
Learn-Mode Configured. This option allows only MAC addresses specifically configured with learn-mode configured mac-address < mac-address>, and does not automatically learn non-specified MAC addresses learned from the network. This example configures port A1 to:
■Allow only a MAC address of 0c0090-123456 as the authorized device
■Reserve the option for adding two more specified MAC addresses at a later time without having to change the address-limit setting.
■Send an alarm to a management station if an intruder is detected on the port.
ProCurve(config)# port-security A1 learn-mode configured mac-address 0c0090-123456 address-limit 3 action send- disable
Adding a MAC Address to an Existing Port List
To simply add a device (MAC address) to a port’s existing Authorized Addresses list, enter the port number with the mac-addressparameter and the device’s MAC address. This assumes that Learn Mode is either static or configured and the Authorized Addresses list is not already full (as deter-