Access Security Guide K/KA/KB.15.15

Table 41 Learn Effect

Learn mode: Effect

Static: When Eavesdrop Prevention is disabled, the port transmits packets that have unknown destination addresses. The port is secured and only a limited number of static MAC addresses are learned. A device must generate traffic before the MAC address is learned and traffic is forwarded to it.

Continuous: The default. The Eavesdrop Prevention option does not apply because port security is disabled. Ports forward traffic with unknown destination addresses normally.

Port-access: Disabling Eavesdrop Prevention is not applied to the port. There is no change.

Limited-continuous: When Eavesdrop Prevention is disabled, the port transmits packets that have unknown destination addresses. The port is secured; MAC addresses age normally. Eavesdrop Prevention may cause difficulties in learning MAC addresses (as with static MAC addresses) and cause serious traffic issues when a MAC ages out.

Configured: When Eavesdrop Prevention is disabled, the port transmits packets that have unknown destination addresses. The port is secured by a static MAC address. Eavesdrop Prevention should not cause any issues because all valid MAC addresses have been configured.
Blocking unauthorized traffic
Unless you configure the switch to disable a port on which a security violation is detected, the
switch security measures block unauthorized traffic without disabling the port. This implementation
enables you to apply the security configuration to ports on which hubs, switches, or other devices
are connected, and to maintain security while also maintaining network access to authorized users.
Example
Figure 294 How port security controls access
NOTE: Broadcast and Multicast traffic is always allowed, and can be read by intruders connected
to a port on which you have configured port security.
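The following model is an added example, not code from this guide or from the switch software. It shows how Table 41 and the NOTE above combine into a single egress decision for frames the switch would deliver or flood to a port. It assumes that a secured port with Eavesdrop Prevention enabled does not transmit unknown-destination unicast, and it treats "unknown" as "not in the port's authorized MAC set"; the names Port, egress_allowed and exposed_frames are hypothetical.

```python
from dataclasses import dataclass, field

# Learn modes that Table 41 describes as "the port is secured".
SECURED_MODES = {"static", "configured", "limited-continuous"}


def is_group_address(mac: str) -> bool:
    """Broadcast/multicast test: I/G bit (low bit of the first octet) is set."""
    return int(mac.split(":")[0], 16) & 1 == 1


@dataclass
class Port:
    learn_mode: str = "continuous"          # the default per Table 41
    eavesdrop_prevention: bool = True       # assumption: enabled unless turned off
    authorized: set = field(default_factory=set)  # MACs learned/configured here


def egress_allowed(port: Port, dst: str) -> bool:
    """Would a frame addressed to dst be transmitted out of this port?"""
    dst = dst.lower()
    if is_group_address(dst):
        return True   # NOTE: broadcast and multicast are always allowed
    if port.learn_mode == "continuous":
        return True   # port security disabled; unknown destinations forwarded
    if port.learn_mode not in SECURED_MODES:
        # port-access: Table 41 only says the setting is not applied,
        # so this model does not guess its behavior.
        raise ValueError(f"learn mode not modelled: {port.learn_mode}")
    if dst in port.authorized:
        return True   # known device on this port
    # Unknown-destination unicast leaves a secured port only when
    # Eavesdrop Prevention has been disabled (Table 41).
    return not port.eavesdrop_prevention


def exposed_frames(port: Port, destinations: list) -> list:
    """Destinations whose frames a listener on this port could read."""
    return [d for d in destinations if egress_allowed(port, d)]


# Constructed sample traffic: broadcast, IPv4 multicast, known host, unknown host.
SAMPLE = ["ff:ff:ff:ff:ff:ff", "01:00:5e:00:00:fb",
          "00:11:22:33:44:55", "00:aa:bb:cc:dd:ee"]
```

Even with Eavesdrop Prevention enabled, exposed_frames still returns the broadcast and multicast entries, which is the residual exposure the NOTE describes.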
Trunk group exclusion
Port security does not operate on either a static or dynamic trunk group. If you configure port
security on one or more ports that are later added to a trunk group, the switch will reset the port
security parameters for those ports to the factory-default configuration. Ports configured for either
Active or Passive LACP, and which are not members of a trunk, can be configured for port security.
Retention of static addresses
Static MAC addresses do not age-out. MAC addresses learned by using learn-mode
continuous or learn-mode limited-continuous age out according to the currently