EasyManuals Logo

HPE FlexNetwork 5510 HI Series Security Configuration Guide

HPE FlexNetwork 5510 HI Series
551 pages
To Next Page IconTo Next Page
To Next Page IconTo Next Page
To Previous Page IconTo Previous Page
To Previous Page IconTo Previous Page
Page #205 background imageLoading...
Page #205 background image
192
When the maximum number of secure MAC address entries is reached, the port changes to secure
mode. In secure mode, the port cannot add or learn any more secure MAC addresses. The port
allows only frames sourced from secure MAC addresses or MAC addresses configured by using the
mac-address dynamic or mac-address static command to pass through.
Table 16 A comparison of static, sticky, and dynamic secure MAC addresses
Type Address sources Aging mechanism
Can be saved
an
d survive a
device reboot?
Static
Manually added (by using the
port-security
mac-address
security
command without
the
sticky
keyword).
Not available.
The static addresses
never age out
unless you perform any of the following
tasks:
• Manually remove these MAC
addresses.
• Change the port security mode.
• Disable the port security feature.
Yes.
Sticky
• Manually added (by
using the port-security
mac-address security
command with the
sticky keyword).
• Converted from dynamic
secure MAC addresses.
• A
utomatically learned
when the dynamic
secure MAC feature
(port-security
mac-address dynamic)
is disabled.
By default, sticky MAC addresses do not
age out. However, you can configure an
aging timer or use the aging timer
together with the inactivity aging feature
to delete old sticky MAC addresses.
• If only the aging timer is configured,
the
aging timer counts up
regardless of whether traffic data
has been sent from the sticky MAC
address.
•
If both the aging timer and the
inactivity aging feature are
configured, the aging timer restarts
once traffic data is detected from
the sticky MAC address.
Yes.
T
he secure MAC
aging timer restarts
at a reboot.
Dynamic
•
Converted from sticky
MAC addresses.
• A
utomatically learned
after the dynamic secure
MAC feature is enabled.
Same as sticky MAC addresses.
No.
All dynamic secure
MAC addresses are
lost at reboot.
Configuration prerequisites
Before you configure secure MAC addresses, complete the following tasks:
• Enable port security.
• Set port security's limit on the number of MAC addresses on the port. Perform this task before
you enable autoLearn mode.
• Set the port security mode to autoLearn.
• Configure the port to permit packets of the specified VLAN to pass or add the port to the VLAN.
Make sure the VLAN already exists.
Configuration procedure
To configure a secure MAC address:

Table of Contents

Other manuals for HPE FlexNetwork 5510 HI Series

Preview: Configuration Guide
Configuration Guide572 pages
Preview: Fundamentals Configuration Guide
Fundamentals Configuration Guide209 pages
Preview: Layer 3 - Ip Routing Configuration Guide
Layer 3 - Ip Routing Configuration Guide486 pages
Preview: Network Management And Monitoring Configuration Guide
Network Management And Monitoring Configuration Guide331 pages
Preview: Macsec Configuration Guide
Macsec Configuration Guide27 pages
Preview: Acl And Qos Configuration Guide
Acl And Qos Configuration Guide114 pages
Preview: Mpls Configuration Guide
Mpls Configuration Guide505 pages
Preview: Openflow Configuration Guide
Openflow Configuration Guide39 pages

Questions and Answers:

Question and Answer IconNeed help?

Do you have a question about the HPE FlexNetwork 5510 HI Series and is the answer not in the manual?

HPE FlexNetwork 5510 HI Series Specifications

General IconGeneral
BrandHPE
ModelFlexNetwork 5510 HI Series
CategorySwitch
LanguageEnglish

Related product manuals