Comware

  • 1.  port-security learn-mode limited-continuous

    Posted Jun 03, 2009 08:43 PM
    Hi, I was studying the port security commands using the 2610 device, but I don't know exactly how this command works. I wonder if someone could give me a little explanation about that.

    Thanks!! And best regards


  • 2.  RE: port-security learn-mode limited-continuous

    Posted Jun 04, 2009 04:30 AM
    Port security is a security feature.

    This feature will prevent unauthorized users from connecting to the network
    with MAC filtering.

    For example:

    port-security 1-10 address-limit 20 learn-mode static action send-disable

    ***port security: preamble

    ***1-10: secure port list

    ***address limit: 20 (each port learns and switches to the network 1 to 32 MAC addresses. If you want one address on the one port, this value must be 1)

    ***learn mode: learning mode. When this command is enabled on the switch, the switch dynamically learns the MAC address of the PC or other network device.

    ***static: the switch writes the PC's MAC address on the port with learn mode.
    The static command keeps the MAC address stable on the port. If you write the continuous command, the switch erases all MACs on the port on reload.

    ***action: send disable or send alarm
    send disable: when an authorized MAC connects to the switch, this port is disabled
    send alarm: when an authorized MAC connects to the switch, this port sends an alarm to the log, PCM server
    and denies SNMP, ICMP traffic

    If you want more info, please read the port security chapter
    of the guide:

    http://cdn.procurve.com/training/Manuals/2610-Security-Oct2008-59918642.pdf



  • 3.  RE: port-security learn-mode limited-continuous

    Posted Jun 04, 2009 09:13 AM
    Thanks for the help, but I couldn't get info about the "limited-continuous" command specifically.

    Could you help me with this, please?

    Best regards!


  • 4.  RE: port-security learn-mode limited-continuous

    Posted Jun 04, 2009 09:47 AM
    Usage: [no] port-security [ethernet] PORT-LIST
    [learn-mode <continuous|static|configured|limited-continuous|port-access>]
    [address-limit <1-32>]
    [mac-address MAC-ADDR [MAC-ADDR ...]]
    [action <none|send-alarm|send-disable>]
    [clear-intrusion-flag]
    Description: Set the port-security operation(s) for each port in port list.
    Parameters:
    o learn-mode <continuous|static|configured|limited-continuous|port-access>
    If 'continuous' is specified, the port continually learns new
    addresses on the port. If 'static' is specified, the user
    can configure addresses that are authorized to use on that port
    and let the switch learn the remaining addresses up to the
    specified address-limit. If 'configured' is specified, up
    to address-limit configured addresses are authorized. Use the
    'address-limit' parameter to specify the maximum number of
    static addresses for the port.
    The 'port-access' instructs the device to learn only the MAC
    addresses authorized by 802.1X or Web/MAC authentication
    subsystem. After a MAC address is authorized, only traffic
    from the authorized MAC address is allowed.
    If 'limited-continuous' is specified, the first
    'address-limit' source MAC addresses heard on this
    port become the authorized addresses. When new authorized
    addresses are learned, they are stored in a table. When
    the table has reached its 'address-limit', any
    new source MAC addresses received on the port
    constitutes an intrusion. The authorized addresses in
    this mode will age out of the system, therefore the
    list of authorized addresses can be dynamic over time.
    o address-limit <1-N> - This parameter is valid only when the learn-mode
    is static, configured, or limited-continuous.
    It defines the number of MAC address that the table for the
    given port will hold. For static and configured N is equal
    to 8. For limited-continuous N is equal to 32.
    o mac-address MAC-ADDR ... - This 12-hex digit parameter is only valid
    when the learn-mode is static. The parameter is used to configure
    the addresses that are authorized to use the port. The maximum
    number of authorized addresses that may be configured and
    learned is 8. If the number of configured addresses is less
    than the address-limit, the switch will learn the remaining
    number of addresses. Several addresses can be specified in
    one command line.

    o action <none|send-alarm|send-disable> - Indicates the port security
    action the switch will take if an intruder is detected on the
    port.
    o clear-intrusion-flag - clears intrusion indicator for the ports
    specified in the command PORT-LIST
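
The limited-continuous behaviour described in the help text above, modelled in Python as an added example (not part of the original post and not ProCurve code). The 300-second age time, the refresh-on-traffic rule, the MAC addresses and all names are assumptions made for illustration; the model only reports an intrusion, as with action none.

```python
from dataclasses import dataclass, field

MAX_LIMIT = 32  # upper bound for limited-continuous, per the help text above

@dataclass
class LimitedContinuousPort:
    """Toy model of one port in learn-mode limited-continuous."""
    address_limit: int
    age_time: float  # seconds; assumed value, the help text gives no timer
    table: dict = field(default_factory=dict)  # MAC -> time last heard

    def __post_init__(self):
        if not 1 <= self.address_limit <= MAX_LIMIT:
            raise ValueError("address-limit must be 1-32 in this mode")

    def _age_out(self, now):
        # Authorized addresses that stayed silent for age_time leave the table.
        self.table = {m: t for m, t in self.table.items()
                      if now - t < self.age_time}

    def frame(self, src_mac, now):
        """Return 'authorized', 'learned' or 'intrusion' for one source MAC."""
        mac = src_mac.lower().replace("-", "").replace(":", "")
        self._age_out(now)
        if mac in self.table:
            self.table[mac] = now  # assumption: traffic refreshes the entry
            return "authorized"
        if len(self.table) < self.address_limit:
            self.table[mac] = now  # one of the first 'address-limit' MACs heard
            return "learned"
        return "intrusion"  # table full: a new source MAC is an intrusion

def replay(events, address_limit=2, age_time=300.0):
    """Run (time, MAC) events through one port and return the verdicts."""
    port = LimitedContinuousPort(address_limit, age_time)
    return [(t, mac, port.frame(mac, t)) for t, mac in events]

# Constructed sample traffic: two hosts, a third device, then a long silence.
SAMPLE = [
    (0, "001321-aa0001"), (5, "001321-aa0002"),
    (10, "001321-aa0003"),   # third MAC while the table is full
    (200, "001321-aa0001"),  # host 1 keeps talking, host 2 stays quiet
    (400, "001321-aa0003"),  # host 2 has aged out, so a slot is free
]

if __name__ == "__main__":
    for t, mac, verdict in replay(SAMPLE):
        print(f"t={t:>3}s  {mac}  {verdict}")
```

The last event is the point to note when choosing this mode: the MAC that was an intrusion at t=10 is learned at t=400, because limited-continuous caps how many addresses are authorized at once and does not pin the port to specific devices.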


  • 5.  RE: port-security learn-mode limited-continuous

    Posted Jun 04, 2009 10:00 AM
    Thanks for the help! Now it is working.


    Regards!


  • 6.  RE: port-security learn-mode limited-continuous

    Posted Jun 04, 2009 10:01 AM
    solution found