Port security techniques
- we use the HP "port-security" features
- we do not use "MAC lockdown", which applies to a MAC address wherever it might appear on a switch
- port-security restricts the MAC addresses on a per-port basis
- MAC lockdown is to prevent a MAC from being used anywhere, port-security is to enable a specific MAC
- the particular style of port-security we use is "learn-mode static address-limit 1" which effectively causes the switch to learn whatever is plugged into a port at the time the command is issued, and allows no other MAC address
- so we have to make sure that the right things are plugged in when port-security is enabled
CLI (and ONA command interface)
- to enable with the switch CLI:
- port-security ## learn-mode static address-limit 1 action send-alarm
- to disable
- no port-security ##
- ## is a port number or a range of port numbers start - end
ONA
- ONA supports port security with its "MaxMACs" setting of 1
Device changeout with ONA
- remove the device from the port
- set MaxMACs to 0
- press "ClearMACs"
- plug in the new device
- set MaxMACs back to 1
Topic revision: r1 - 2010-10-19 - TrevorGrove
Information in this area is meant for use by CSCF staff and is not official documentation, but anybody who is interested is welcome to use it if they find it useful.
- CF Web
- CF Web Home
- Changes
- Index
- Search
- Administration
- Communication
- Hardware
- HelpDeskGuide
- Infrastructure
- InternalProjects
- Linux
- MachineNotes
- Macintosh
- Management
- Networking
- Printing
- Research
- Security
- Software
- Solaris
- StaffStuff
- TaskGroups
- TermGoals
- Teaching
- UserSupport
- Vendors
- Windows
- XHier
- Other Webs
- My links
 |
|
Copyright © 2008-2025 by the contributing authors. All material on this collaboration platform is the property of the contributing authors. Ideas, requests, problems regarding TWiki? Send feedback