9-7
Configuring and Monitoring Port Security
Port Security Command Options and Operation
Syntax: port-security [e] < port-list > learn-mode < continuous | static | configured | port-access >
Continuous (Default): Appears in the factory-default setting or when you execute no port-security. Allows the port to learn addresses from inbound traffic from any device(s) to which it is connected. In this state, the port accepts traffic from any device(s) to which it is connected. Addresses learned this way appear in the switch and port address tables and age out according to the MAC Age Interval in the System Information configuration screen of the Menu interface or the show system-information listing.
Static: The static-learn option enables you to use the mac-address parameter to specify the MAC addresses of the devices authorized for a port, and the address-limit parameter to specify the number of MAC addresses authorized for the port. You can authorize specific devices for the port, while still allowing the port to accept other, non-specified devices until the port reaches the configured address limit. That is, if you enter fewer MAC addresses than you authorized, the port fills the remainder of the address allowance with MAC addresses it automatically learns. For example, if you specify three authorized devices, but enter only one authorized MAC address, the port adds the one specifically authorized MAC address to its authorized-devices list and the first two additional MAC addresses it detects. If, for example:
– You authorize MAC address 0060b0-880a80 on port A4.
– You allow three devices on port A4, but the port detects these MAC addresses:
    1. 080090-1362f2
    2. 00f031-423fc1
    3. 080071-0c45a1
    4. 0060b0-880a80 (the authorized address.)
Port A4 then has the following list of authorized addresses:
    080090-1362f2 (The first address detected.)
    00f031-423fc1 (The second address detected.)
    0060b0-880a80 (The authorized address.)
The remaining MAC address, 080071-0c45a1, is an intruder.
See also “Retention of Static Addresses” on page 9-10.
Caution: When you use learn-mode static with a device limit greater than the number of MAC addresses you specify with mac-address, an unwanted device can become “authorized”. This can occur because the port, in order to fulfill the number of devices allowed by address-limit, automatically adds devices it detects until it reaches the specified limit.
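The static learn-mode behavior and the Caution above, as an added example that is not part of the ProCurve guide: a Python model of how a static port fills its address allowance, plus a check that flags ports whose address-limit exceeds the number of mac-address entries. The function names and the one-line-per-port configuration form are assumptions, and the sample lines are constructed.

```python
import re

MAC = re.compile(r"\b[0-9a-f]{6}-[0-9a-f]{6}\b", re.I)
# Assumed config form: one line per port, built from the syntax on this page.
LINE = re.compile(r"port-security\s+(\S+)\s+learn-mode\s+static\b(.*)", re.I)

def static_learn(configured, address_limit, detected):
    """Model learn-mode static: configured MACs hold their slots and the
    remaining slots go to the first unknown MACs detected on the port."""
    authorized = [m.lower() for m in configured]
    free = address_limit - len(authorized)
    learned, intruders = [], []
    for mac in (m.lower() for m in detected):
        if mac in authorized or mac in learned or mac in intruders:
            continue
        (learned if len(learned) < free else intruders).append(mac)
    return learned + authorized, intruders

def audit(config_lines):
    """Return {port: open_slots} for static ports whose address-limit
    exceeds the number of mac-address entries (the Caution's condition)."""
    findings = {}
    for line in config_lines:
        m = LINE.search(line)
        limit = m and re.search(r"address-limit\s+(\d+)", m.group(2), re.I)
        if not limit:  # not a static port, or no explicit limit to compare
            continue
        slack = int(limit.group(1)) - len(MAC.findall(m.group(2)))
        if slack > 0:
            findings[m.group(1)] = slack
    return findings

# Constructed sample input; port A4 mirrors the example on this page.
SAMPLE_CONFIG = [
    "port-security A4 learn-mode static address-limit 3 mac-address 0060b0-880a80",
    "port-security A5 learn-mode static address-limit 1 mac-address 0060b0-112233",
    "port-security A6 learn-mode continuous",
]
DETECTED_A4 = ["080090-1362f2", "00f031-423fc1", "080071-0c45a1", "0060b0-880a80"]

if __name__ == "__main__":
    print(static_learn(["0060b0-880a80"], 3, DETECTED_A4))
    print(audit(SAMPLE_CONFIG))
```

A port reported by audit() has open slots that the first devices seen on it will fill; setting address-limit equal to the number of mac-address entries closes them.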
ProCurve Series 2510G Switches Access Security Guide, June 2008