Configuring and Monitoring Port Security
Port Security
Limited-Continuous: Sets a finite limit (1 - 32) to the number of
learned addresses allowed per port.

Static: Enables you to set a fixed limit on the number of MAC
addresses authorized for the port and to specify some or all of the
authorized addresses. (If you specify only some of the authorized
addresses, the port learns the remaining authorized addresses from
the traffic it receives from connected devices.)

Configured: Requires that you specify all MAC addresses authorized
for the port. The port is not allowed to learn addresses from inbound
traffic.

Authorized (MAC) Addresses: Specify up to eight devices (MAC
addresses) that are allowed to send inbound traffic through the port. This
feature:
  - Closes the port to inbound traffic from any unauthorized devices
    that are connected to the port.
  - Provides the option for sending an SNMP trap notifying of an
    attempted security violation to a network management station
    and, optionally, disables the port. (For more on configuring the
    switch for SNMP management, see “Trap Receivers and Authentication
    Traps” in the Management and Configuration Guide for your switch.)

Port Access: Allows only the MAC address of a device authenticated
through the switch’s 802.1x Port-Based access control. Refer to
“Configuring Port-Based Access Control (802.1x)” on page 9-1.

For configuration details, refer to “Configuring Port Security” on page 10-10.
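
The following Python model is an added example, not code from the switch documentation or firmware. It shows how the Limited-Continuous, Static and Configured learn modes decide whether an inbound source MAC is accepted, and what a violation triggers. The class, method and parameter names are hypothetical; address aging is not modeled, and the limit of 8 for Static and Configured is assumed from the "up to eight devices" statement above.

```python
# Simplified model of the learn modes above; address aging is not modeled.
class PortSecurityModel:  # hypothetical name, not a switch API
    # Upper bounds: 32 from the Limited-Continuous range; 8 assumed for the
    # other modes from the "up to eight devices" statement.
    MAX_LIMIT = {"limited-continuous": 32, "static": 8, "configured": 8}

    def __init__(self, mode, limit, authorized=(), send_trap=True,
                 disable_on_violation=False):
        if mode not in self.MAX_LIMIT:
            raise ValueError(f"unknown learn mode: {mode}")
        if not 1 <= limit <= self.MAX_LIMIT[mode]:
            raise ValueError(f"address limit {limit} out of range for {mode}")
        self.authorized = {self.normalize(m) for m in authorized}
        if len(self.authorized) > limit:
            raise ValueError("more authorized addresses than the limit")
        self.mode, self.limit = mode, limit
        self.send_trap = send_trap
        self.disable_on_violation = disable_on_violation
        self.enabled = True
        self.traps = []  # stand-in for SNMP traps to a management station

    @staticmethod
    def normalize(mac):
        digits = mac.lower().replace(":", "").replace("-", "").replace(".", "")
        if len(digits) != 12 or any(c not in "0123456789abcdef" for c in digits):
            raise ValueError(f"not a MAC address: {mac!r}")
        return digits

    def inbound(self, src_mac):
        """Return True if a frame with this source MAC is accepted."""
        mac = self.normalize(src_mac)
        if not self.enabled:
            return False  # port was disabled by an earlier violation
        if mac in self.authorized:
            return True
        # Static and Limited-Continuous learn from inbound traffic until the
        # limit is reached; Configured never learns.
        if self.mode != "configured" and len(self.authorized) < self.limit:
            self.authorized.add(mac)
            return True
        if self.send_trap:
            self.traps.append(mac)
        if self.disable_on_violation:
            self.enabled = False
        return False
```

With a Static limit of 2 and one address specified, the first unknown device to transmit is learned as authorized, which is why Configured mode is the stricter choice when every permitted device is known in advance.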
Eavesdrop Protection (Series 5300xl Switches Only)
Configuring port security on a given Series 5300xl switch port automatically
enables eavesdrop protection for that port. This prevents use of the port to
flood unicast packets addressed to MAC addresses unknown to the switch.
This blocks unauthorized users from eavesdropping on traffic intended for
addresses that have aged-out of the switch’s address table. (Eavesdrop
prevention does not affect multicast and broadcast traffic, meaning that the
switch floods these two traffic types out a given port regardless of whether
port security is enabled on that port.)
Note: On the Series 5300xl switches, eavesdrop protection is available beginning
with software release E.08.07. As of September, 2004, eavesdrop protection is
not available on the Series 3400cl switches.
10-4