Access Security Guide K/KA/KB.15.15

NOTE: On a given port, if the intrusion action is to send an SNMP trap and then disable the port (send-disable), and an intruder is detected on the port, then the switch sends an SNMP trap, sets the port's alert flag, and disables the port. If you re-enable the port without resetting the port's alert flag, then the port operates as follows:

• The port comes up and blocks traffic from unauthorized devices it detects.
• If the port detects another intruder, it sends another SNMP trap, but does not become disabled again unless you first reset the port's intrusion flag.

This operation enables the port to continue passing traffic for authorized devices while you take the time to locate and eliminate the intruder. Otherwise, the presence of an intruder could cause the switch to repeatedly disable the port.
Operating notes for port security

Identifying the IP address of an intruder

The Intrusion Log lists detected intruders by MAC address. If you are using HP PCM+ to manage your network, you can use the device properties page to link MAC addresses to their corresponding IP addresses.

Proxy Web servers

If you are using the WebAgent through a switch port configured for Static port security, and your browser access is through a proxy web server, then it is necessary to do the following:

• Enter your PC or workstation MAC address in the port's Authorized Addresses list.
• Enter your PC or workstation's IP address in the switch IP Authorized Managers list. See "Using Authorized IP Managers" in the Management and Configuration Guide for your switch.

Without both of the above configured, the switch detects only the proxy server's MAC address, and not your PC or workstation MAC address, and interprets your connection as unauthorized.
"Prior To" entries in the intrusion log

If you reset the switch (using the Reset button, Device Reset, or Reboot Switch), the Intrusion Log will list the time of all currently logged intrusions as "prior to" the time of the reset.

Alert flag status for entries forced off of the intrusion log

If the Intrusion Log is full of entries for which the alert flags have not been reset, a new intrusion will cause the oldest entry to drop off the list, but will not change the alert flag status for the port referenced in the dropped entry. This means that, even if an entry is forced off of the Intrusion Log, no new intrusions can be logged on the port referenced in that entry until you reset the alert flags.
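To make the two notes concrete (the send-disable port that is re-enabled without a flag reset, described in the NOTE above, and the full-log case just described), here is an added Python model of that state machine. It is a constructed illustration written for this page, not switch firmware or HP code. The log capacity, the result strings, the port names and the MAC addresses are assumptions chosen for the walkthrough; the page does not state the real log size.

```python
# Added illustration: a model of the intrusion-log / alert-flag semantics this
# section describes. Constructed for explanation; not switch firmware.
# Assumptions: the log holds `log_capacity` entries (the real size is not
# given here), every port uses the send-disable action, and the result
# strings are names chosen for this model.
from collections import deque
from dataclasses import dataclass


@dataclass
class Port:
    name: str
    alert_flag: bool = False   # set on a logged intrusion, cleared only by the operator
    enabled: bool = True       # send-disable takes the port down
    traps_sent: int = 0


class PortSecurity:
    def __init__(self, log_capacity: int = 2):
        self.log_capacity = log_capacity
        self.log = deque()     # (port, mac) entries, oldest on the left
        self.ports = {}

    def add_port(self, name: str) -> Port:
        self.ports[name] = Port(name)
        return self.ports[name]

    def intrusion(self, port_name: str, mac: str) -> str:
        """An unauthorized source MAC appears on a secured port."""
        port = self.ports[port_name]
        if not port.enabled:
            return "port-down"          # nothing is received on a disabled port
        port.traps_sent += 1            # a trap is sent on every detection
        if port.alert_flag:
            # Flag still set: traffic from the intruder is blocked, a trap goes
            # out, but the port is neither logged nor disabled again.
            return "trap-only"
        if len(self.log) >= self.log_capacity:
            # The oldest entry is pushed out; the flag on *its* port stays set,
            # so that port cannot be logged again until the operator resets it.
            self.log.popleft()
        self.log.append((port_name, mac))
        port.alert_flag = True
        port.enabled = False            # send-disable
        return "trap-log-disable"

    def enable_port(self, port_name: str) -> None:
        self.ports[port_name].enabled = True   # re-enable leaves the flag alone

    def clear_alert_flag(self, port_name: str) -> None:
        self.ports[port_name].alert_flag = False

    def logged_ports(self) -> list:
        return [p for p, _ in self.log]


def scenario() -> dict:
    """Walk through both notes with constructed ports and MAC addresses."""
    ps = PortSecurity(log_capacity=2)
    for name in ("a1", "a2", "a3"):
        ps.add_port(name)
    results = []
    results.append(ps.intrusion("a1", "00:11:22:33:44:55"))  # logged, a1 disabled
    ps.enable_port("a1")                                      # flag not reset
    results.append(ps.intrusion("a1", "00:11:22:33:44:66"))  # trap, stays up
    results.append(ps.intrusion("a2", "00:11:22:33:44:77"))  # log now full
    results.append(ps.intrusion("a3", "00:11:22:33:44:88"))  # a1's entry drops off
    results.append(ps.intrusion("a1", "00:11:22:33:44:99"))  # not in log, flag still set
    ps.clear_alert_flag("a1")
    results.append(ps.intrusion("a1", "00:11:22:33:44:aa"))  # logged and disabled again
    return {
        "results": results,
        "logged_ports": ps.logged_ports(),
        "a1_traps": ps.ports["a1"].traps_sent,
        "a1_enabled": ps.ports["a1"].enabled,
    }


if __name__ == "__main__":
    for key, value in scenario().items():
        print(f"{key}: {value}")
```

Running the walkthrough shows the practical consequence for an operator: after port a1's entry has been pushed off the log, the fifth intrusion on a1 still raises a trap but leaves no log entry, so the Intrusion Log alone understates what is happening on that port until its alert flag is cleared.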
LACP not available on ports configured for port security

To maintain security, LACP is not allowed on ports configured for port security. If you configure port security on a port on which LACP (active or passive) is configured, the switch removes the LACP configuration, displays a notice that LACP is disabled on the port(s), and enables port security on that port. For example:

    HP Switch(config)# port-security e a17 learn-mode static address-limit 2
    LACP has been disabled on secured port(s).
    HP Switch(config)#

The switch will not allow you to configure LACP on a port on which port security is enabled. For example:

    HP Switch(config)# int e a17 lacp passive
    Error configuring port A17: LACP and port security cannot be run together.
    HP Switch(config)#