Access Security Guide K/KA/KB.15.15
An alternate method of determining the current Instrumentation Monitor configuration is to use the
show run command. However, the show run command output does not display the threshold values
for each limit set.
Using Port Security
Enabling port security eavesdrop-prevention
Syntax:
[no] port-security port-list eavesdrop-prevention
With port security enabled, the port is prevented form transmitting packets that have
unknown destination addresses. Only devices attached to the port receive packets
intended for them.
This option does not apply to a learning mode of port-access or
continuous.See “Configuring port security” (page 357) for more information on
learning modes.
Default: Enabled.
Figure 268 Show port-security command displaying eavesdrop prevention
MIB support
The following MIB support is provided for Eavesdrop Prevention.
hpSecPtPreventEavesdrop OBJECT-TYPE
SYNTAX INTEGER {
enable (1),
disable (2)
}
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"If enabled on a switch, outbound unknown unicast packets will not be forwarded out this port. If
enabled on a repeater, outbound unknown unicast packets for this port will be scrambled.
::= { hpSecurePortEntry 5 }
See “Eavesdrop prevention” (page 398) for more information.
Enabling DHCP snooping
DHCP snooping is enabled globally by entering this command:
HP Switch(config)# dhcp-snooping
Use the no form of the command to disable DHCP snooping.
Using Port Security 369