
Best method to set up port security with current mac address in 2930F port

 
SHtan
Advisor


Hi all,

I have a task to set one mac address per 2930F ethernet port. Wondering if there is any earlier method to set all 24 ports, tied to their mac address with address limit of 1. (Ensuring only the current mac-address is able to access the port on 2930F switch.)

Currently I'm using

port-security <one port> learn-mode static address-limit 1 mac-address <mac address>

Thanks!

Emil_G
HPE Pro
Solution

Re: Best method to set up port security with current mac address in 2930F port

Hello, 

In static learn mode you have 2 options for learning MACs: you can manually specify mac-address with the CLI command OR the port can also dynamically learn mac addresses up to the configured limit. The dynamically learned addresses will then be added to the configuration. They will not age out and persist across reboots if the running config was saved. The syntax is the same but you can specify more ports and you don't need the mac-address part.

 

port-security  1-24 learn-mode static address-limit 1 

With this command every port from 1 to 24 will learn the first MAC it sees on the port and add it to the running config.

Then the port will only allow traffic from the learned MAC and block every other MAC address seen on the port. There are some additional port security options. You can enable the switch to send an SNMP alarm trap when an intrusion attempt is detected or you can also send an alarm and disable the port. These are the commands.

port-security  1-24 learn-mode static address-limit 1  action send-alarm

or

port-security  1-24 learn-mode static address-limit 1  action send-disable

I am an HPE employee

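For the manual variant from the question (pinning each port to a MAC chosen by the administrator rather than to the first MAC the port happens to see), the per-port lines can be generated from the switch's address table. This is an added example, not code from either poster or from HPE; the `show mac-address` output layout in the constructed sample and the function names are assumptions.

```python
import re
from collections import defaultdict

# Constructed sample of `show mac-address` output (layout is an assumption).
SAMPLE = """\
 Status and Counters - Port Address Table

  MAC Address       Port  VLAN
  ----------------- ----- ----
  005056-a1b2c3     1     10
  005056-a1b2c4     2     10
  005056-a1b2c5     3     10
  005056-a1b2c6     3     10
  0050b6-00ff01     24    1
"""

# One table row: MAC as xxxxxx-xxxxxx, then port name, then VLAN id.
ROW = re.compile(r"^\s*([0-9a-f]{6}-[0-9a-f]{6})\s+(\S+)\s+\d+\s*$", re.I)

def parse_mac_table(text):
    """Return {port: sorted unique MACs} from the address-table rows."""
    table = defaultdict(set)
    for line in text.splitlines():
        m = ROW.match(line)
        if m:
            table[m.group(2)].add(m.group(1).lower())
    return {port: sorted(macs) for port, macs in table.items()}

def build_commands(table, ports):
    """Build one static port-security line per port with exactly one MAC.

    Ports with zero or several MACs (idle ports, uplinks, hubs) are
    returned for manual review instead of being locked to a guess.
    """
    commands, review = [], {}
    for port in ports:
        macs = table.get(port, [])
        if len(macs) == 1:
            commands.append(
                f"port-security {port} learn-mode static "
                f"address-limit 1 mac-address {macs[0]}")
        else:
            review[port] = macs
    return commands, review

if __name__ == "__main__":
    cmds, review = build_commands(parse_mac_table(SAMPLE), ["1", "2", "3", "4", "24"])
    print("\n".join(cmds))
    for port, macs in review.items():
        print(f"! port {port}: {len(macs)} MACs seen, review manually: {macs}")
```

Reviewing the skipped ports before applying anything avoids locking an idle port to whatever device connects first, or cutting off an uplink that legitimately carries many MACs.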