Access Security Guide K/KA/KB.15.15

configured MAC age time. For information on the mac-age-time command, see "Interface
Access and System Information" in the Management and Configuration Guide for your switch.
Learned addresses
In the following two cases, a port in Static learn mode retains a learned MAC address even if you
later reboot the switch or disable port security for that port:
• The port learns a MAC address after you configure the port for Static learn mode in both the
startup-config file and the running-config file (by executing the write memory command).
• The port learns a MAC address after you configure the port for Static learn mode in only the
running-config file and, after the address is learned, you execute write memory to configure
the startup-config file to match the running-config file.
To remove an address learned using either of the preceding methods, do one of the following:
• Delete the address by using no port-security <port-number> mac-address <mac-addr>.
• Download a configuration file that does not include the unwanted MAC address assignment.
• Reset the switch to its factory-default configuration.
Assigned/Authorized Addresses.
If you manually assign a MAC address (using port-security <port-number> address-list <mac-addr>)
and then execute write memory, the assigned MAC address remains in memory until you do one
of the following:
• Delete it by using no port-security <port-number> mac-address <mac-addr>.
• Download a configuration file that does not include the unwanted MAC address assignment.
• Reset the switch to its factory-default configuration.
Specifying Authorized Devices and Intrusion Responses
This example configures port A1 to automatically accept the first device (MAC address) it detects
as the only authorized device for that port. (The default device limit is 1.) It also configures the port
to send an alarm to a network management station and disable itself if an intruder is detected on
the port.
HP Switch(config)# port-security a1 learn-mode static action send-disable
The next example does the same as the preceding example, except that it specifies a MAC address
of 0c0090-123456 as the authorized device instead of allowing the port to automatically assign
the first device it detects as an authorized device.
HP Switch(config)# port-security a1 learn-mode static mac-address 0c0090-123456 action send-disable
This example configures port A5 to:
• Allow two MAC addresses, 00c100-7fec00 and 0060b0-889e00, as the authorized devices.
• Send an alarm to a management station if an intruder is detected on the port, but allow the
intruder access to the network.
HP Switch(config)# port-security a5 learn-mode static address-limit 2 mac-address 00c100-7fec00 0060b0-889e00 action send-alarm
If you manually configure authorized devices (MAC addresses) and/or an alarm action on a port,
those settings remain unless you either manually change them or the switch is reset to its
factory-default configuration. You can “turn off” authorized devices on a port by configuring the
port to continuous Learn Mode, but subsequently reconfiguring the port to static Learn Mode restores
those authorized devices.
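The following Python code is an added example, not part of the HP guide: it audits port-security lines written in the command syntax shown above and reports static-mode ports with no MAC address listed (the first device detected becomes authorized) or with an action other than send-disable (the port stays enabled when an intruder is detected). The one-command-per-line layout, port a2, and the function names are assumptions.

```python
import re

MAC_RE = re.compile(r"^[0-9a-f]{6}-[0-9a-f]{6}$", re.I)

# Constructed sample: the page's three commands, one per line (assumed layout).
# Port a2 is an assumption so that each port appears only once.
SAMPLE_CONFIG = """\
port-security a1 learn-mode static action send-disable
port-security a2 learn-mode static mac-address 0c0090-123456 action send-disable
port-security a5 learn-mode static address-limit 2 mac-address 00c100-7fec00 0060b0-889e00 action send-alarm
"""

def parse_line(line):
    """Parse one port-security command into a dict, or return None."""
    tokens = line.split()
    if len(tokens) < 2 or tokens[0] != "port-security":
        return None
    # The page states that the default device limit is 1.
    entry = {"port": tokens[1].upper(), "learn-mode": None,
             "limit": 1, "macs": [], "action": None}
    i = 2
    while i < len(tokens):
        key, i = tokens[i], i + 1
        if key == "mac-address":
            while i < len(tokens) and MAC_RE.match(tokens[i]):
                entry["macs"].append(tokens[i].lower())
                i += 1
        elif key in ("learn-mode", "action") and i < len(tokens):
            entry[key], i = tokens[i], i + 1
        elif key == "address-limit" and i < len(tokens) and tokens[i].isdigit():
            entry["limit"], i = int(tokens[i]), i + 1
    return entry

def audit(config_text):
    """Return (port, finding) pairs for ports in static learn mode."""
    findings = []
    for line in config_text.splitlines():
        e = parse_line(line.strip())
        if e is None or e["learn-mode"] != "static":
            continue
        if not e["macs"]:
            findings.append((e["port"], "no MAC listed: first device detected is authorized"))
        if len(e["macs"]) > e["limit"]:
            findings.append((e["port"], "more MACs listed than address-limit"))
        if e["action"] != "send-disable":
            findings.append((e["port"], "port stays enabled on intrusion (action: %s)" % (e["action"] or "not set")))
    return findings

if __name__ == "__main__":
    for port, finding in audit(SAMPLE_CONFIG):
        print(port, "-", finding)
```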