14-21
Configuring and Monitoring Port Security
Port Security
To add a second authorized device to port 1, execute a port-security command
for port A1 that raises the address limit to 2 and specifies the additional
device’s MAC address. For example:
HP Switch(config)# port-security 1 mac-address 0c0090-
456456 address-limit 2
Removing a Device From the “Authorized” List for a Port. This
command option removes unwanted devices (MAC addresses) from the
Authorized Addresses list. (An Authorized Address list is available for each
port for which Learn Mode is currently set to “Static”. Refer to the command
syntax listing under “Configuring Port Security” on page 14-12.)
Caution When learn mode is set to static, the Address Limit (address-limit) parameter
controls how many devices are allowed in the Authorized Addresses (mac-
address) for a given port. If you remove a MAC address from the Authorized
Addresses list without also reducing the Address Limit by 1, the port may
subsequently detect and accept as authorized a MAC address that you do not
intend to include in your Authorized Address list. Thus, if you use the CLI to
remove a device that is no longer authorized, it is recommended that you first
reduce the Address Limit (address-limit) integer by 1, as shown below. This
prevents the possibility of the same device or another unauthorized device on
the network from automatically being accepted as “authorized” for that port.
To remove a device (MAC address) from the “Authorized” list and when the
current number of devices equals the Address Limit value, you should first
reduce the Address Limit value by 1, then remove the unwanted device.
Note You can reduce the address limit below the number of currently authorized
addresses on a port. This enables you to subsequently remove a device from
the “Authorized” list without opening the possibility for an unwanted device
to automatically become authorized.
For example, suppose port A1 is configured as shown below and you want to
remove 0c0090-123456 from the Authorized Address list:
To Next Page
Loading...
