
port-security
OVERVIEW
Category: Port Security
Primary context: config
Related Commands: show (page 511)
Usage: [no] port-security [ethernet] PORT-LIST
[learn-mode <continuous|static|configured|
limited-continuous|port-access>]
[address-limit <1-32>]
[mac-address MAC-ADDR [MAC-ADDR ...]]
[action <none|send-alarm|send-disable>]
[clear-intrusion-flag]
Description: Set the port-security operation(s) for each port in port list.
Parameters:
o learn-mode <continuous|static|configured|limited-continuous|port-access>
If 'continuous' is specified, the port continually learns new
addresses on the port. If 'static' is specified, the user
can configure addresses that are authorized to use that port
and let the switch learn the remaining addresses up to the
specified address-limit. If 'configured' is specified, up
to address-limit configured addresses are authorized. Use the
'address-limit' parameter to specify the maximum number of
static addresses for the port.
'port-access' instructs the device to learn only the MAC
addresses authorized by the 802.1X or Web/MAC authentication
subsystem. After a MAC address is authorized, only traffic
from the authorized MAC address is allowed.
If 'limited-continuous' is specified, the first
'address-limit' source MAC addresses heard on this
port become the authorized addresses. When new authorized
addresses are learned, they are stored in a table. When
the table has reached its 'address-limit', any
new source MAC address received on the port
constitutes an intrusion. The authorized addresses in
this mode age out of the system, so the
list of authorized addresses can be dynamic over time.
o address-limit <1-N> - This parameter is valid only when the learn-mode
is static, configured, or limited-continuous.
It defines the number of MAC addresses that the table for the
given port will hold. For static and configured, N is equal
to 8. For limited-continuous, N is equal to 32.
o mac-address MAC-ADDR ... - This 12-hex-digit parameter is valid only
when the learn-mode is static. The parameter is used to configure
the addresses that are authorized to use the port. The maximum
number of authorized addresses that may be configured and
learned is 8. If the number of configured addresses is less
than the address-limit, the switch will learn the remaining
number of addresses. Several addresses can be specified in
one command line.
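Added example (not from the HP manual): a Python check that audits a single port-security command line against the per-mode address-limit ranges, the 12-hex-digit MAC format and the 8-address ceiling described above, so a saved configuration can be reviewed before it is applied. The function name audit, the tolerated MAC separators, the fallback to the 1-32 range of the usage synopsis when the line names no learn-mode, and the sample line are assumptions made for this example.

```python
import re

# Upper bound N of address-limit per learn-mode, from the parameter text above.
LIMIT_MAX = {"static": 8, "configured": 8, "limited-continuous": 32}
LEARN_MODES = set(LIMIT_MAX) | {"continuous", "port-access"}
ACTIONS = {"none", "send-alarm", "send-disable"}
KEYWORDS = {"learn-mode", "address-limit", "mac-address", "action", "clear-intrusion-flag"}
MAC_RE = re.compile(r"[0-9a-fA-F]{12}")  # '-', ':' and '.' are stripped first (assumption)

def audit(line):
    """Return findings for one 'port-security PORT-LIST ...' line ([] means clean)."""
    tokens = [t for t in line.split() if t not in ("no", "ethernet")]
    if tokens[:1] != ["port-security"] or len(tokens) < 2 or tokens[1] in KEYWORDS:
        return ["expected: port-security PORT-LIST [options]"]
    opts, key = {"?": []}, "?"
    for tok in tokens[2:]:  # collect each keyword's values; strays land under "?"
        if tok in KEYWORDS:
            opts[tok], key = [], tok
        else:
            opts[key].append(tok)
    findings = [f"unexpected token {t!r}" for t in opts["?"]]
    mode = " ".join(opts.get("learn-mode", [])) or None
    if "learn-mode" in opts and mode not in LEARN_MODES:
        findings.append(f"unknown learn-mode {mode!r}")
    limit = None
    if "address-limit" in opts:
        raw = " ".join(opts["address-limit"])
        top = LIMIT_MAX.get(mode, 32 if mode is None else 0)
        if top == 0:
            findings.append(f"address-limit is not valid with learn-mode {mode}")
        elif not raw.isdigit() or not 1 <= int(raw) <= top:
            findings.append(f"address-limit {raw!r} is outside 1-{top}")
        else:
            limit = int(raw)
    macs = opts.get("mac-address", [])
    findings += [f"mac-address {m!r} is not 12 hex digits" for m in macs
                 if not MAC_RE.fullmatch(re.sub(r"[-:.]", "", m))]
    if len(macs) > min(8, limit or 8):
        findings.append(f"{len(macs)} addresses exceed the limit of {min(8, limit or 8)}")
    action = " ".join(opts.get("action", []))
    if "action" in opts and action not in ACTIONS:
        findings.append(f"unknown action {action!r}")
    return findings

# Constructed sample line: address-limit 12 is above N = 8 for static.
SAMPLE = "port-security 7 learn-mode static address-limit 12 action send-disable"

if __name__ == "__main__":
    print(audit(SAMPLE))
```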
400 © 2009 Hewlett-Packard Development Company, L.P.