Configuring and Monitoring Port Security
Port Security Command Options and Operation
Syntax: port-security [e] < port-list > (- Continued -)
learn-mode < continuous | static | configured | port-access >
(- Continued -)
Configured:
The static-configured option operates the same
as the static-learn option on the preceding page, except that
it does not allow the switch to accept non-specified
addresses to reach the address limit. Thus, if you configure
an address llimit of 3, but only configure two MAC
addresses, the switch will handle as intruders all non-
specified MAC addresses it detects.
Note: As of September, 2003, this option is available in the HP
ProCurve Switch 2600 Series and the Switch 6108 running
software release H.07.30 (or greater), and the HP ProCurve
Switch 2800 Series. For availability in other switch products,
refer to the latest release notes for such products on the HP
ProCurve website. (Refer to
“Getting Documentation From the
Web” on page 1-9.)
Port-Access: Enables you to use Port Security with (802.1X)
Port-Based Access Control. Refer to “Configuring Port-
Based Access Control (802.1X)” on page 8-1.
address-limit < integer >
When Learn Mode is set to static (static-learn) or configured
(static-configured), this parameter specifies the number of
authorized devices (MAC addresses) to allow. Default: 1;
Range: 1 to 8.
mac-address < mac-addr >
Available for static (static-learn and configured-learn)
modes. Allows up to eight authorized devices (MAC
addresses) per port, depending on the value specified in
the
address-limit parameter.
•
If you use mac-address with learn-mode configured, but
enter fewer devices than you specified in the address-
limit field, the port accepts only the devices you specified
with mac-address. (See the Note, above.)
• If you use mac-address with learn-mode static, but enter
fewer devices than you specified in the address-limit
field, the port accepts the specified devices AND as many
other devices as it takes to reach the device limit.
9-8