
Port Security - Automatic enable (HP 2920-24G PoE+ Switch, J9737A)

marcbrunner
Occasional Contributor

Hi Guys

I want to prevent end users from connecting third switches to the access switches. For this I use port-security with the following command.

port-security 1-23 address-limit 1 learn-mode limited-continuous action send-disable

It works fine. For example, if I connect a switch with several devices, the port goes down.

In the next step I want to enable the port automatically if I connect an end device such as my notebook again.

I didn't find any commands or descriptions for my problem.

Is there a possibility to do this? Is port-security the right way?

Kind Regards

Marc

Chrisd131313
Trusted Contributor

Hi marcbrunner,

If you remove the "send-disable" option you should be able to block non-authorised devices but still allow authorised devices... Extract from Switch Access Guide...

Blocking unauthorized traffic
Unless you configure the switch to disable a port on which a security violation is detected, the
switch security measures block unauthorized traffic without disabling the port. This implementation
enables you to apply the security configuration to ports on which hubs, switches, or other devices
are connected, and to maintain security while also maintaining network access to authorized users.

The other option is to use port-access (802.1x) so you can either use mac-based authentication or RADIUS authentication. This will allow devices to be added to a RADIUS client file or AD, and authentication is then based on those lists. If the device does not authenticate successfully it is dumped into an unauth-vid. This way you are not shutting down the port, and it will allow your authenticated devices on to the network on a port that was earlier denied to an un-authenticated device.

HTH

-----------------------------------------------------

Don't forget to mark a post resolved if your question was answered.
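
The 802.1X option described in the reply above, sketched as an added ProVision configuration example; it is not from the original posts. The RADIUS server address 192.0.2.10, the shared-secret placeholder and VLAN 99 are assumptions, and ports 1-23 are the range from the question.

```text
; Constructed example: 802.1X on ports 1-23 instead of
; "port-security ... action send-disable".
; 192.0.2.10, the key string and VLAN 99 are placeholders.
configure

; VLAN that clients land in when authentication fails
vlan 99 name "UNAUTH"

; RADIUS server that holds the list of permitted users/devices
radius-server host 192.0.2.10 key "REPLACE-WITH-SHARED-SECRET"
aaa authentication port-access eap-radius

; Enable the authenticator role on the access ports
aaa port-access authenticator 1-23

; Allow one authenticated client per port
aaa port-access authenticator 1-23 client-limit 1

; Failed or missing authentication: move the client to VLAN 99,
; the port itself stays enabled
aaa port-access authenticator 1-23 unauth-vid 99

; Turn 802.1X on globally
aaa port-access authenticator active

; Check per-port state after connecting a client
show port-access authenticator 1-23
```

Because the port is never administratively disabled, no manual re-enable step is needed when an authorised device is plugged in again.
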
marcbrunner
Occasional Contributor

Hello

I have the option "mac-address" Configure the address(es) authorized on the port(s). But that is not the solution because there needs to be a dynamic access list. It doesn't matter which MAC address it is. It's about how many are allowed.

Are there any other possibilities?

Kind Regards

Marc

Chrisd131313
Trusted Contributor

If it's just about quantity of MAC addresses on a single port then you can set the device limit on that specific port...

port-security <port> address-limit <1-64>.

-----------------------------------------------------

Don't forget to mark a post resolved if your question was answered.