- Community Home
- >
- Networking
- >
- Switching and Routing
- >
- Aruba & ProVision-based
- >
- Best method to set up port security with current m...
Categories
Company
Local Language
Forums
Discussions
Forums
- Data Protection and Retention
- Entry Storage Systems
- Legacy
- Midrange and Enterprise Storage
- Storage Networking
- HPE Nimble Storage
Discussions
Discussions
Discussions
Forums
Discussions
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
- BladeSystem Infrastructure and Application Solutions
- Appliance Servers
- Alpha Servers
- BackOffice Products
- Internet Products
- HPE 9000 and HPE e3000 Servers
- Networking
- Netservers
- Secure OS Software for Linux
- Server Management (Insight Manager 7)
- Windows Server 2003
- Operating System - Tru64 Unix
- ProLiant Deployment and Provisioning
- Linux-Based Community / Regional
- Microsoft System Center Integration
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Community
Resources
Forums
Blogs
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
09-16-2021 02:09 AM - last edited on 09-16-2021 08:08 PM by support_s
09-16-2021 02:09 AM - last edited on 09-16-2021 08:08 PM by support_s
Hi all,
I have a task to set one mac address per 2930F ethernet port. Wondering if there is any earlier method to set all 24 ports, tied to their mac address with addres limit of 1. (Ensuring only the current mac-address is able to access the port on 2930F switch.
Currently i'm using
port-security <one port> learn-mode static address-limit 1 mac-address <mac address>
Thanks!
Solved! Go to Solution.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
09-16-2021 02:47 AM
09-16-2021 02:47 AM
SolutionHello,
In static learn mode you have 2 options for learning MACs: you can manually specify mac-address with the CLI command OR the port can also dynamically learn mac addresses up to the configured limit. The dynamically learned addresses will then be added to the configuration. They will not age out and persist across reboots if the running config was saved. The syntax is the same but you can specify more ports and you dont need the mac-address part.
port-security 1-24 learn-mode static address-limit 1
With this command every port from 1 to 24 will learn the first MAC it sees on the port and add it ti the running config.
Then the port will only allow traffic from the learned MAC and block every other MAC address seen on the port. There are some additional port security options. You can enable the switch to send an SNMP alarm trap when an intrusion attempt is detected or you can also send an alarn and disable the port. This are the commands.
port-security 1-24 learn-mode static address-limit 1 action send-alarm
or
port-security 1-24 learn-mode static address-limit 1 action send-disable