Access Security Guide K/KA/KB.15.15

Enabling Dynamic IP Lockdown
To enable dynamic IP lockdown on all ports or specified ports, enter the ip source-lockdown
command at the global configuration level. Use the no form of the command to disable dynamic
IP lockdown.
Syntax
[no] ip source-lockdown <port-list>
Enables dynamic IP lockdown globally on all ports, or only on the specified ports, of the
routing switch.
Removing MAC Addresses
To remove an address learned using either of the preceding methods, do one of the following:
Delete the address by using no port-security port-number mac-address mac-addr.
Download a configuration file that does not include the unwanted MAC address assignment.
Reset the switch to its factory-default configuration.
Assigned/authorized addresses
If you manually assign a MAC address (using port-security port-number address-list mac-addr)
and then execute write memory, the assigned MAC address remains in memory until you do one
of the following:
Delete it by using no port-security port-number mac-address mac-addr.
Download a configuration file that does not include the unwanted MAC address assignment.
Reset the switch to its factory-default configuration.
Removing a MAC Address from the Authorized list for a port
This command option removes unwanted devices (MAC addresses) from the Authorized Addresses
list. An Authorized Address list is available for each port for which Learn Mode is currently set to
"Static". See the command syntax listing under “Configuring port security” (page 357).
CAUTION: When learn mode is set to static, the Address Limit (address-limit) parameter controls
how many devices are allowed in the Authorized Addresses (mac-address) list for a given port. If
you remove a MAC address from the Authorized Addresses list without also reducing the Address
Limit by 1, the port may subsequently detect and accept as authorized a MAC address that you do
not intend to include in your Authorized Address list. Thus, if you use the CLI to remove a device
that is no longer authorized, it is recommended that you first reduce the Address Limit
(address-limit) integer by 1, as shown below. This prevents the same device, or another
unauthorized device on the network, from automatically being accepted as "authorized" for that
port.
To remove a device (MAC address) from the "Authorized" list when the current number of devices
equals the Address Limit value, first reduce the Address Limit value by 1, then remove the
unwanted device.
NOTE: You can reduce the address limit below the number of currently authorized addresses on
a port. This enables you to subsequently remove a device from the "Authorized" list without opening
the possibility for an unwanted device to automatically become authorized.
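The following CLI sequence is an added illustration of the two-step procedure above; it is not taken from this manual, and the port (A3), the starting address limit and the MAC addresses are constructed values. It uses only the command forms cited in this section (port-security port-number address-limit, no port-security port-number mac-address, show port-security, write memory) and assumes learn mode on A3 is already "Static".

```text
; Added example, not from the manual. Assumed starting state for port A3:
;   learn-mode static, address-limit 2,
;   authorized addresses 0c0090-111111 and 0c0090-222222 (constructed values)
; Goal: drop 0c0090-222222 without leaving a free slot that the port could
; fill with whatever MAC address it sees next.

; Confirm the current limit and the two authorized addresses before changing anything
ProCurve(config)# show port-security A3

; Step 1: reduce the limit first, so the list stays full while you edit it
ProCurve(config)# port-security A3 address-limit 1

; Step 2: now remove the unwanted address
ProCurve(config)# no port-security A3 mac-address 0c0090-222222

; Verify: one authorized address (0c0090-111111) and address-limit 1
ProCurve(config)# show port-security A3

; Persist the change so it survives a reboot
ProCurve(config)# write memory

; Unsafe order, for contrast: removing the address while the limit is still 2
; leaves one open slot, and in static learn mode the next MAC address seen on
; A3 is accepted as authorized, possibly the very device you just removed.
;   ProCurve(config)# no port-security A3 mac-address 0c0090-222222   <- slot opens here
;   ProCurve(config)# port-security A3 address-limit 1                <- too late
```

The show command before and after the change is the check a practitioner wants: the second listing should show exactly one authorized address and an address limit equal to that count, so there is no headroom for the port to learn an additional device.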
Example
Suppose port A1 is configured as shown below and you want to remove 0c0090-123456 from
the Authorized Address list:
376 Port Security