HP (Hewlett-Packard) 2600 Series Switch User Manual


 
9-5
Configuring and Monitoring Port Security
Planning Port Security
Planning Port Security
1. Plan your port security configuration and monitoring according to the
following:
a. On which ports do you want port security?
b. Which devices (MAC addresses) are authorized on each port and
how many devices do you want to allow per port (up to 8)?
c. Within the devices-per-port limit, do you want to let the switch
automatically accept devices it detects on a port, or do you want it
to accept only the devices you explicitly specify? (For example, if
you allow three devices on a given port, but specify only one MAC
address for that port, do you want the switch to automatically accept
the first two additional devices it detects, or not?)
d. For each port, what security actions do you want? (The switch
automatically blocks intruders detected on that port from transmit-
ting to the network.) You can configure the switch to (1) send
intrusion alarms to an SNMP management station and to (2) option-
ally disable the port on which the intrusion was detected.
e. How do you want to learn of the security violation attempts the
switch detects? You can use one or more of these methods:
Through network management (That is, do you want an
SNMP trap sent to a net management station when a port
detects a security violation attempt?)
Through the switch’s Intrusion Log, available through the
CLI, menu, and web browser interface
Through the Event Log (in the menu interface or through the
CLI show log command)
2. Use the CLI or web browser interface to configure port security operating
and address controls. The following table describes the parameters.