HP (Hewlett-Packard) 2600 Switch User Manual


 
Configuring and Monitoring Port Security
Overview
General Operation for Port Security. On a per-port basis, you can
configure security measures to block unauthorized devices, and to send notice
of security violations. Once you have configured port security, you can then
monitor the network for security violations through one or more of the
following:
Alert flags that are captured by network management tools
Alert Log entries in the switch’s web browser interface
Event Log entries in the console interface
Intrusion Log entries in either the menu interface, CLI, or web
browser interface
For any port, you can configure the following:
Authorized (MAC) Addresses: Specify up to eight devices (MAC
addresses) that are allowed to send inbound traffic through the port.
This feature:
Closes the port to inbound traffic from any unauthorized devices
that are connected to the port.
Provides the option for sending an SNMP trap notifying of an
attempted security violation to a network management station
and, optionally, disables the port. (For more on configuring the
switch for SNMP management, refer to “Trap Receivers and
Authentication Traps” in the Management and Configuration
Guide for your switch.)
Blocking Unauthorized Traffic
Unless you configure the switch to disable a port on which a security violation
is detected, the switch security measures block unauthorized traffic without
disabling the port. This implementation enables you to apply the security
configuration to ports on which hubs, switches, or other devices are
connected, and to maintain security while also maintaining network access to
authorized users. For example:
9-3