EasyManuals Logo

HPE FlexNetwork MSR Series Comware 5 Security Configuration Guide

HPE FlexNetwork MSR Series
547 pages
To Next Page IconTo Next Page
To Next Page IconTo Next Page
To Previous Page IconTo Previous Page
To Previous Page IconTo Previous Page
Page #147 background imageLoading...
Page #147 background image
134
To enable port security traps:
Step Command Remarks
1. Enter system
view.
system-view
N/A
2. Enable port
security traps.
port-security trap
{
addresslearned
|
dot1xlogfailure
|
dot1xlogoff
|
dot1xlogon
|
intrusion
|
ralmlogfailure
|
ralmlogoff
|
ralmlogon
}
By default, port security
traps are disabled.
Configuring secure MAC addresses
Secure MAC addresses are configured or learned in autoLearn mode and can survive link down/up
events. You can bind a secure MAC address to only one port in a VLAN.
IMPORTANT:
When the maximum number of secure MAC address entries is reached, the port changes to secure
mode, and no more secure MAC addresses can be added or learned. The port allows only frames
sourced from a secure MAC address or a MAC address configured by using the mac-address
dynamic or mac-address static command to pass through.
Secure MAC addresses are divided into static, sticky, and dynamic secure MAC addresses.
Table 10 A comparison of static, sticky, and dynamic secure MAC addresses
Type Address sources Aging mechanism
Can be saved and
survive a device
reboot?
Static Manually added
Not available.
They never age out unless you manually
remove them, change the port security mode,
or disable the port security feature.
Yes.
Sticky
Manually added,
converted from
dynamic secure
MAC addresses, or
automatically
learned when the
dynamic secure
MAC function
(
port-security
mac-address
dynamic
) is
disabled.
Sticky MAC addresses by default do not age
out, but you can configure an aging timer or
use the aging timer together with the inactivity
aging function to delete old sticky MAC
addresses:
• If only an aging timer is configured, the
aging timer counts up regardless of
whether traffic data has been sent from
the sticky MAC address.
• If both an aging timer and the inactivity
aging function are configured, the aging
timer restarts once traffic data is detected
from the sticky MAC address.
Yes.
The secure MAC
aging timer restarts at
a reboot.
Dynamic
Converted from
sticky MAC
addresses or
automatically
learned after the
dynamic secure
MAC function is
enabled.
Same as sticky MAC addresses.
No.
All dynamic secure
MAC addresses are
lost at reboot.

Table of Contents

Other manuals for HPE FlexNetwork MSR Series

Preview: Configuration Guide
Configuration Guide861 pages
Preview: Comware 7 Layer 3 - Ip Services Configuration Guides
Comware 7 Layer 3 - Ip Services Configuration Guides554 pages
Preview: Guide
Guide213 pages
Preview: Command Reference
Command Reference120 pages
Preview: Comware 5 Layer 2 - Wan Access Configuration Guide
Comware 5 Layer 2 - Wan Access Configuration Guide420 pages

Questions and Answers:

Question and Answer IconNeed help?

Do you have a question about the HPE FlexNetwork MSR Series and is the answer not in the manual?

HPE FlexNetwork MSR Series Specifications

General IconGeneral
BrandHPE
ModelFlexNetwork MSR Series
CategoryNetwork Router
LanguageEnglish

Related product manuals