Access Security Guide K/KA/KB.15.15

Learn-Mode
Specify how the port acquires authorized addresses.
Limited-Continuous: Sets a finite limit (1 - 32) to the number of learned addresses allowed
per port.
Continuous: Allows the port to learn addresses from inbound traffic from any connected
device. This is the default setting.
Static: Enables you to set a fixed limit on the number of MAC addresses authorized for the
port and to specify some or all of the authorized addresses. (If you specify only some of the
authorized addresses, the port learns the remaining authorized addresses from the traffic it
receives from connected devices.)
Configured: Requires that you specify all MAC addresses authorized for the port. The port is
not allowed to learn addresses from inbound traffic.
Authorized (MAC) Addresses
Specify up to eight devices (MAC addresses) that are allowed to send inbound traffic through
the port. This feature:
• Closes the port to inbound traffic from any unauthorized devices that are connected to
  the port.
• Provides the option for sending an SNMP trap notifying of an attempted security violation
  to a network management station and, optionally, disables the port. (For more on
  configuring the switch for SNMP management, see "Trap Receivers and Authentication
  Traps" in the Management and Configuration Guide for your switch.)
Port Access
Allows only the MAC address of a device authenticated through the switch 802.1X Port-Based
access control.
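Added example (not from the guide or the switch software): a simplified Python model of how the learn modes described above decide whether a source MAC address is admitted on a port. The class, field and function names are hypothetical, address aging is not modelled, and the MAC addresses are constructed sample values.

```python
from dataclasses import dataclass, field

CONTINUOUS, LIMITED, STATIC, CONFIGURED = (
    "continuous", "limited-continuous", "static", "configured")

@dataclass
class Port:                                       # hypothetical model, not switch code
    learn_mode: str = CONTINUOUS                  # the guide's default setting
    address_limit: int = 1                        # used by limited-continuous and static
    configured: set = field(default_factory=set)  # operator-specified MACs
    learned: set = field(default_factory=set)     # MACs learned from inbound traffic

    def __post_init__(self):
        self.configured = {m.lower() for m in self.configured}
        if self.learn_mode == LIMITED and not 1 <= self.address_limit <= 32:
            raise ValueError("limited-continuous limit must be 1 - 32")
        if len(self.configured) > 8:
            raise ValueError("at most eight authorized addresses per port")
        if self.learn_mode == STATIC and len(self.configured) > self.address_limit:
            raise ValueError("more configured addresses than the static limit")

    def admit(self, src_mac: str) -> bool:
        """Return True if inbound traffic from src_mac is allowed on this port."""
        mac = src_mac.lower()
        if self.learn_mode == CONTINUOUS:
            self.learned.add(mac)                 # learns from any connected device
            return True
        if mac in self.configured or mac in self.learned:
            return True
        if self.learn_mode == CONFIGURED:
            return False                          # never learns from inbound traffic
        # static and limited-continuous: learn only while slots remain
        if len(self.configured) + len(self.learned) < self.address_limit:
            self.learned.add(mac)
            return True
        return False

def violations(port: Port, frames: list) -> list:
    """Return the source MACs the port rejects, in the order they were seen."""
    return [m for m in frames if not port.admit(m)]

# Constructed sample: static port, limit 2, one address specified by the operator.
SAMPLE_FRAMES = ["001122-aabbcc", "001122-000001", "001122-000002", "001122-000001"]

if __name__ == "__main__":
    print(violations(Port(STATIC, 2, {"001122-AABBCC"}), SAMPLE_FRAMES))
```

Each rejected address in the result corresponds to an event for which the switch can send an SNMP trap and, optionally, disable the port.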
Eavesdrop prevention
Configuring port security on a given switch port automatically enables Eavesdrop Prevention for
that port. This prevents use of the port to flood unicast packets addressed to MAC addresses
unknown to the switch and blocks unauthorized users from eavesdropping on traffic intended for
addresses that have aged-out of the switch address table. (Eavesdrop Prevention does not affect
multicast and broadcast traffic; the switch floods these two traffic types out a given port regardless
of whether port security is enabled on that port.)
Disabling Eavesdrop Prevention
Traffic with an unknown destination address is blocked when port security is configured and
Eavesdrop Prevention is enabled. You can disable Eavesdrop Prevention on ports where it may
cause problems, such as on ports that are configured to use limited-continuous learning mode. See
“Configuring port security” (page 357) for more information on learning modes.
Feature interactions when Eavesdrop Prevention is disabled
The following table explains the various interactions between learning modes and Eavesdrop
Prevention when Eavesdrop Prevention is disabled.
NOTE: When the learning mode is "port-access", Eavesdrop Prevention will not be applied to
the port. However, it can still be configured or disabled for the port.