HP 6120XG HP ProCurve Series 6120 Blade Switches Access Security Guide - Page 407
Port Security, Basic Operation
View all HP 6120XG manuals
Add to My Manuals
Save this manual to your list of manuals |
Page 407 highlights
Configuring and Monitoring Port Security Port Security Port Security Basic Operation Default Port Security Operation. The default port security setting for each port is off, or "continuous". That is, any device can access a port without causing a security reaction. Intruder Protection. A port that detects an "intruder" blocks the intruding device from transmitting to the network through that port. Eavesdrop Protection. Using either the port-security command or the switch's web browser interface to enable port security on a given port automatically enables eavesdrop prevention on that port. General Operation for Port Security. On a per-port basis, you can configure security measures to block unauthorized devices, and to send notice of security violations. Once port security is configured, you can then monitor the network for security violations through one or more of the following: ■ Alert flags that are captured by network management tools such as ProCurve Manager (PCM and PCM+) ■ Alert Log entries in the switch's web browser interface ■ Event Log entries in the console interface ■ Intrusion Log entries in the menu interface, CLI, or web browser interface For any port, you can configure the following: ■ Action: Used when a port detects an intruder. Specifies whether to send an SNMP trap to a network management station and whether to disable the port. ■ Address Limit: Sets the number of authorized MAC addresses allowed on the port. ■ Learn-Mode: Specify how the port acquires authorized addresses. • Continuous: Allows the port to learn addresses from inbound traffic from any connected device. This is the default setting. • Limited-Continuous: Sets a finite limit (1 - 32) to the number of learned addresses allowed per port. 11-4