Access Security Guide K/KA/KB.15.15

Example 16 Specifying MAC Address and intrusion responses
This example configures port A1 to automatically accept the first device (MAC address) it detects
as the only authorized device for that port. The default device limit is 1. It also configures the port
to send an alarm to a network management station and disable itself if an intruder is detected on
the port.
HP Switch(config)# port-security a1 learn-mode static action send-disable
The next example does the same as the preceding example, except that it specifies a MAC address
of 0c0090-123456 as the authorized device instead of allowing the port to automatically assign
the first device it detects as an authorized device.
HP Switch(config)# port-security a1 learn-mode static mac-address 0c0090-123456 action send-disable
This example configures port A5 to:
• Allow two MAC addresses, 00c100-7fec00 and 0060b0-889e00, as the authorized devices.
• Send an alarm to a management station if an intruder is detected on the port, but allow the intruder access to the network.
HP Switch(config)# port-security a5 learn-mode static address-limit 2 mac-address 00c100-7fec00 0060b0-889e00 action send-alarm
If you manually configure authorized devices (MAC addresses) and/or an alarm action on a port,
those settings remain unless you either manually change them or the switch is reset to its
factory-default configuration. You can "turn off" authorized devices on a port by configuring the
port to continuous Learn Mode, but subsequently reconfiguring the port to static Learn Mode restores
those authorized devices.
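The settings in Example 16 can be reviewed offline before they are applied. The following Python script is an added example, not part of the HP guide: it parses port-security lines in the form shown above and flags static ports that will authorize the first device detected, ports whose action leaves an intruder connected, and ports in continuous Learn Mode. The function names are this example's own, and the a7 line in the sample is constructed.

```python
import re

MAC_RE = re.compile(r"^[0-9a-f]{6}-[0-9a-f]{6}$", re.I)  # MAC format used in this guide
FIELDS = {"learn-mode": "learn_mode", "address-limit": "limit", "action": "action"}

def parse_port_security(line):
    """Parse one 'port-security <port> ...' command; None for any other line."""
    tokens = line.split()
    if "port-security" not in tokens[:-1]:
        return None
    tokens = tokens[tokens.index("port-security") + 1:]
    cfg = {"port": tokens[0].upper(), "learn_mode": None,
           "limit": 1, "macs": [], "action": None}  # default device limit is 1
    i = 1
    while i < len(tokens):
        key, i = tokens[i], i + 1
        if key == "mac-address":  # one or more addresses may follow
            while i < len(tokens) and MAC_RE.match(tokens[i]):
                cfg["macs"].append(tokens[i].lower())
                i += 1
        elif key in FIELDS and i < len(tokens):
            cfg[FIELDS[key]] = int(tokens[i]) if key == "address-limit" else tokens[i]
            i += 1
    return cfg

def audit(cfg):
    """Return review findings for one parsed port-security command."""
    findings = []
    if cfg["learn_mode"] == "continuous":
        findings.append("continuous learn mode: configured authorized devices are turned off")
    elif cfg["learn_mode"] == "static":
        free = cfg["limit"] - len(cfg["macs"])
        if free > 0:
            findings.append(f"{free} slot(s) go to the first device(s) detected")
        elif free < 0:
            findings.append("more MAC addresses listed than address-limit allows")
    if cfg["action"] == "send-alarm":
        findings.append("send-alarm only: intruder keeps network access")
    elif cfg["action"] != "send-disable":
        findings.append("no send-disable action on this line")
    return findings

def audit_lines(text):
    """Return [(port, findings)] for every port-security line in text."""
    parsed = (parse_port_security(line) for line in text.splitlines())
    return [(c["port"], audit(c)) for c in parsed if c]

# First three lines are the guide's examples; the a7 line is constructed.
SAMPLE = """\
HP Switch(config)# port-security a1 learn-mode static action send-disable
HP Switch(config)# port-security a1 learn-mode static mac-address 0c0090-123456 action send-disable
HP Switch(config)# port-security a5 learn-mode static address-limit 2 mac-address 00c100-7fec00 0060b0-889e00 action send-alarm
port-security a7 learn-mode continuous
"""

if __name__ == "__main__":
    for port, findings in audit_lines(SAMPLE):
        print(port, findings or "ok")
```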
Clear MAC address table
The following options are available for removing learned MAC addresses from the MAC address table:
• Remove all MAC addresses.
• Remove all MAC addresses on a specified VLAN.
• Remove all MAC addresses on a port.
• Remove a specific MAC address on a specific VLAN.
This functionality is also supported by SNMP.
Configuring Clearing of Learned MAC Addresses
Use the following commands to clear learned MAC addresses from a port or list of ports, a specific
VLAN, or to clear a specific MAC address from a VLAN.
Syntax:
clear mac-address port <port-list>
Removes MAC addresses that were learned on the specified port or ports in
<port-list>. Use all to remove all MAC addresses in the MAC address table.
HP Switch(config)# clear mac-address port 4-7
Syntax:
clear mac-address vlan <vid>
Removes all MAC addresses that were learned on the specified VLAN.
HP Switch(config)# clear mac-address vlan 2
Syntax:
clear mac-address vlan <vid> mac <mac-addr>