HP Switch Port Security Configuration CLI


I hope we all know how to log in to the switch by telnet, PuTTY, etc. After a successful logon:

Type config t or config terminal to enter configuration mode.

The following command displays the existing port security settings:

show port-security 1-3, 45, 8 

To configure port security, edit the security settings, and add or delete devices from the list:

Syntax:

port-security

[learn-mode continuous]

[learn-mode static]

[action ]

[clear-intrusion-flag]

Examples:

To remove port security:

no port-security

(config)# port-security (port-list) learn-mode configured address-limit (number of addresses bound to the port list) mac-address (MAC address) action send-disable

 

Eg: (config)# port-security 28 learn-mode configured address-limit 3 mac-address 0016ea-834254 0017ea-834254 action send-disable

Removing a MAC address from the list

Command:

(config)# port-security (port-list) address-limit (MAC address limit after deleting the intended MACs)

(config)# no port-security (port-list) mac-address (MAC Address)

Eg: (config)# port-security 20 address-limit 2

(config)# no port-security 20 mac-address 001f3c-1d7adb

 

After port security is assigned, if you plug in any PC whose MAC address is not in the port list, the network port will be locked and cannot be accessed until that port is enabled again.

How to unlock the port

Command:


(config)# interface ethernet (Port-List)


(eth-Port no)# disable


(eth-Port no)# enable


Eg: (config)# interface ethernet 20


(eth-20)# disable


ES-HPSW48-01(eth-20)# enable

 


Port security has the following control parameters:

· Action: Used when a port detects an intruder. Specifies whether to send an SNMP trap to a network management station and whether to disable the port.

· Address Limit: Sets the number of authorized MAC addresses allowed on the port.

· Learn-Mode: Specifies how the port acquires authorized addresses.

    · Continuous: Allows the port to learn addresses from inbound traffic from any connected device. This is the default setting.

    · Limited-Continuous: Sets a finite limit (1 – 32) to the number of learned addresses allowed per port.

    · Static: Enables the user to set a fixed limit on the number of MAC addresses authorized for the port and to also specify some or all of the authorized addresses. (If only some of the authorized addresses are specified, the port learns the remaining authorized addresses from the traffic received from connected devices.)

    · Configured: Requires the explicit configuration of all MAC addresses authorized for the port. The port is not allowed to learn addresses from inbound traffic.
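
The parameters above can be checked before a line is typed into the switch. The following Python sketch is an added example, not part of the original post or of any HP tool: it parses a port-security line in the form used on this page and reports inconsistencies with the rules described above. The function names (expand_ports, lint) and the finding texts are hypothetical, and the port list is assumed to contain no spaces.

```python
import re

MAC_RE = re.compile(r"^[0-9a-f]{6}-[0-9a-f]{6}$", re.I)  # MAC format used on this page
LEARN_MODES = {"continuous", "limited-continuous", "static", "configured"}

def expand_ports(port_list):
    """Expand '1-3,45,8' into [1, 2, 3, 8, 45] (assumes no spaces in the list)."""
    ports = set()
    for part in port_list.split(","):
        lo, _, hi = part.partition("-")
        ports.update(range(int(lo), int(hi or lo) + 1))
    return sorted(ports)

def lint(line):
    """Return (ports, findings) for one 'port-security ...' line."""
    tok = line.split()
    if len(tok) < 2 or tok[0] != "port-security":
        raise ValueError("not a port-security line")
    ports, findings = expand_ports(tok[1]), []
    i, mode, limit, action, macs = 2, "continuous", None, None, []
    while i < len(tok):
        key, i = tok[i].lower(), i + 1
        if key == "mac-address":  # one or more MACs may follow the keyword
            while i < len(tok) and MAC_RE.match(tok[i]):
                macs.append(tok[i].lower())
                i += 1
        elif key in ("learn-mode", "address-limit", "action") and i < len(tok):
            val, i = tok[i].lower(), i + 1
            if key == "learn-mode":
                mode = val
            elif key == "address-limit":
                limit = int(val)
            else:
                action = val
        else:  # includes MACs that do not match xxxxxx-xxxxxx
            findings.append(f"unrecognised token: {key}")
    if mode not in LEARN_MODES:
        findings.append(f"unknown learn-mode: {mode}")
    if mode == "continuous":
        findings.append("continuous mode learns addresses from any device")
    if mode == "limited-continuous" and limit is not None and not 1 <= limit <= 32:
        findings.append(f"address-limit {limit} outside 1-32")
    if mode == "configured" and not macs:
        findings.append("configured mode but no mac-address listed")
    if limit is not None and len(macs) > limit:
        findings.append(f"{len(macs)} MAC addresses exceed address-limit {limit}")
    if action is None:
        findings.append("no action specified")
    return ports, findings
```

Calling lint() on the port 28 example from this page returns no findings; a line with more MAC addresses than its address-limit, or with a MAC that is not in xxxxxx-xxxxxx form, is reported.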
