Access Security Guide K/KA/KB.15.15

}
MAX-ACCESS read-write
STATUS current
DESCRIPTION If enabled on a switch, outbound unknown unicast
packets will not be forwarded out this port. If
enabled on a repeater, outbound unknown unicast
packets for this port will be scrambled.
::= { hpSecurePortEntry 5 }
Blocked unauthorized traffic
Unless you configure the switch to disable a port on which a security violation is detected, the
switch security measures block unauthorized traffic without disabling the port. This implementation
enables you to apply the security configuration to ports on which hubs, switches, or other devices
are connected, and to maintain security while also maintaining network access to authorized users.
For example:
Figure 258 How port security controls access
NOTE: Broadcast and Multicast traffic is always allowed, and can be read by intruders connected
to a port on which you have configured port security.
Trunk Group Exclusion
Port security does not operate on either a static or dynamic trunk group. If you configure port
security on one or more ports that are later added to a trunk group, the switch will reset the port
security parameters for those ports to the factory-default configuration. (Ports configured for either
Active or Passive LACP, and which are not members of a trunk, can be configured for port security.)
Configuring Trusted Ports for Dynamic ARP Protection
To configure one or more Ethernet interfaces that handle VLAN traffic as trusted ports, enter the
arp-protect trust command at the global configuration level. The switch does not check ARP requests
and responses received on a trusted port.
Syntax
[no] arp-protect trust <port-list>
port-list
Specifies a port number or a range of port numbers. Separate individual port
numbers or ranges of port numbers with a comma; for example: c1-c3, c6.
An example of the arp-protect trust command is shown here:
HP Switch(config)# arp-protect trust b1-b4, d1
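Because the switch does not check ARP packets on trusted ports, it is worth confirming that only the intended ports carry this setting. The following Python script is an added example, not part of the HP guide: it expands port-list values in the form shown above and reports trusted ports that are missing from an approved list. The sample configuration text, the approved list, and the restriction of ranges to a single slot letter are assumptions.

```python
import re

PORT_RE = re.compile(r"^([a-z]?)(\d+)$")

def expand_port_list(port_list):
    """Expand 'b1-b4, d1' into ['b1', 'b2', 'b3', 'b4', 'd1']."""
    ports = []
    items = [i.strip() for i in port_list.lower().split(",") if i.strip()]
    for item in items:
        first, _, last = item.partition("-")
        m1 = PORT_RE.match(first.strip())
        m2 = PORT_RE.match(last.strip()) if last else m1
        if not m1 or not m2:
            raise ValueError(f"unparseable port item: {item!r}")
        # Assumption: a range stays within one slot letter (as in c1-c3).
        if m1.group(1) != m2.group(1) or int(m2.group(2)) < int(m1.group(2)):
            raise ValueError(f"unsupported range: {item!r}")
        for n in range(int(m1.group(2)), int(m2.group(2)) + 1):
            ports.append(f"{m1.group(1)}{n}")
    return ports

def trusted_ports(config_text):
    """Apply each '[no] arp-protect trust' line in order; return the trusted set."""
    trusted = set()
    for line in config_text.splitlines():
        m = re.match(r"^\s*(no\s+)?arp-protect\s+trust\s+(.+)$", line, re.I)
        if not m:
            continue
        ports = set(expand_port_list(m.group(2)))
        trusted = trusted - ports if m.group(1) else trusted | ports
    return trusted

def unexpected_trust(config_text, approved):
    """Return trusted ports that are not on the approved list."""
    return sorted(trusted_ports(config_text) - set(approved))

# Constructed sample configuration text, not taken from a real device.
SAMPLE_CONFIG = """\
hostname "edge-sw-01"
arp-protect trust b1-b4, d1
arp-protect trust c6
"""
# Hypothetical list of ports that are meant to be trusted.
APPROVED_UPLINKS = ["b1", "b2", "b3", "b4", "d1"]

if __name__ == "__main__":
    print(unexpected_trust(SAMPLE_CONFIG, APPROVED_UPLINKS))
```

Any port the script reports is one where ARP requests and responses are accepted without inspection and should be reviewed against the intended design.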