Configuring and Monitoring Port Security

Port Security Command Options and Operation

Note

The message Inconsistent value appears if the new MAC address exceeds the current Address Limit or specifies a device that is already on the list. If you change a port from static to continuous learn mode, the port retains in memory any authorized addresses it had while in static mode. If you subsequently attempt to convert the port back to static mode with the same authorized address(es), the Inconsistent value message appears because the port already has the address(es) in its “Authorized” list.

If you are adding a device (MAC address) to a port on which the Authorized Addresses list is already full (as controlled by the port’s current Address Limit setting), then you must increase the Address Limit in order to add the device, even if you want to replace one device with another. Using the CLI, you can simultaneously increase the limit and add the MAC address with a single command. For example, suppose port A1 allows one authorized device and already has a device listed:

Figure 9-6. Example of Port Security on Port A1 with an Address Limit of “1”

To add a second authorized device to port A1, execute a port-security command for port A1 that raises the address limit to 2 and specifies the additional device’s MAC address. For example:

ProCurve(config)# port-security a1 mac-address 0c0090-456456 address-limit 2
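The following helper is an added example, not part of the original manual: it applies the rules above to build the single add-and-raise-limit command before you type it at the switch. The function names, the accepted input MAC notations, and the already-listed address 0c0090-123456 are assumptions made for illustration.

```python
import re

def normalize_mac(mac):
    """Convert common MAC notations to the xxxxxx-xxxxxx form used above."""
    if not re.fullmatch(r"[0-9A-Fa-f:.\- ]+", mac):
        raise ValueError(f"not a MAC address: {mac!r}")
    digits = re.sub(r"[:.\- ]", "", mac).lower()
    if len(digits) != 12:
        raise ValueError(f"not a MAC address: {mac!r}")
    return f"{digits[:6]}-{digits[6:]}"

def plan_add(port, address_limit, authorized, new_mac):
    """Return (command, reason); command is None if the switch would refuse.

    port, address_limit and authorized describe the port's current state as
    read from the switch (hypothetical inputs supplied by the operator).
    """
    new = normalize_mac(new_mac)
    current = [normalize_mac(m) for m in authorized]
    # A device already on the list triggers "Inconsistent value".
    if new in current:
        return None, f"{new} is already authorized on {port} (Inconsistent value)"
    command = f"port-security {port} mac-address {new}"
    needed = len(current) + 1
    # A full list needs a higher Address Limit, set in the same command.
    if needed > address_limit:
        command += f" address-limit {needed}"
        return command, f"list full; Address Limit raised from {address_limit} to {needed}"
    return command, "fits within the current Address Limit"

if __name__ == "__main__":
    # Constructed state: port a1, limit 1, one constructed MAC already listed.
    listed = ["0c0090-123456"]
    for candidate in ("0C:00:90:45:64:56", "0c00.9012.3456"):
        command, reason = plan_add("a1", 1, listed, candidate)
        print(command or "(no command)", "--", reason)
```

When the goal is to replace a device, the old address remains authorized and the limit stays raised until the old address is removed from the list.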

Removing a Device From the “Authorized” List for a Port Configured for Learn-Mode Static. This command option removes unwanted devices (MAC addresses) from the Authorized Addresses list. (An Authorized Addresses list is available for each port for which Learn Mode is currently set to “Static”. See the “MAC Address” entry in the table on page 9-8.)

9-15