KB.15.15

Figure 282 Adding a second authorized device to a port

The message Inconsistent value appears if the new MAC address exceeds the current Address Limit

or specifies a device that is already on the list. Note that if you change a port from static to

continuous learn mode, the port retains in memory any authorized addresses it had while in static

mode. If you subsequently attempt to convert the port back to static mode with the same authorized

address(es), the Inconsistent value message appears because the port already has the address(es)

in its "Authorized" list.

If adding a device (MAC address) to a port on which the Authorized Addresses list is already full

(as controlled by the port’s current Address Limit setting), then increase the Address Limit in order

to add the device, even if replacing one device with another. Using the CLI, you can simultaneously

increase the limit and add the MAC address with a single command.

For example, suppose port A1 allows one authorized device and already has a device listed:

Figure 283 Port security on port A1 with an address limit of "1"

To add a second authorized device to port A1, execute a port-security command for port A1 that

raises the address limit to 2 and specifies the additional device's MAC address. For example:

HP Switch(config)# port-security a1 mac-address 0c0090-456456 address-limit 2

Checking for intrusions, listing intrusion alerts, and resetting alert flags (CLI)

The following commands display port status, including whether there are intrusion alerts for any

ports, list the last 20 intrusions, and either reset the alert flag on all ports or for a specific port for

which an intrusion was detected. The record of the intrusion remains in the log. For more information,

see “Operating notes for port security” (page 410).

Syntax:

show interfaces brief

List intrusion alert status (and other port status information)'.

Using Port Security 383