HPE Community
HPE Aruba Networking & ProVision-based
1821249 Members
2804 Online
109632 Solutions
New Discussion юеВ

Problem with ProCurve 2626 and port-security learning mode "limited-continuous"

 
A Mueller
New Member

тАО02-25-2010 01:35 AM - last edited on тАО07-23-2013 01:22 AM by

тАО02-25-2010 01:35 AM - last edited on тАО07-23-2013 01:22 AM by

Problem with ProCurve 2626 and port-security learning mode "limited-continuous"

We have the following Problem when using the learn-mode "limited-continuous" in the port-security settings on an 2626 ProCurve switch:
Two computers are connected to the 2626 - one directly (Computer A) and the second one with another switch between the computer and the 2626 (Computer B). We set the learn-mode of the port-security on both of the involved ports to "limited-continuous address limit 3". When the 2626 forgot the MAC-addresses of both computers ('show mac' shows no results), then it is impossible to ping Computer A from Computer B: The 2626 does not learn the MAC-addresses. When I start a ping from Computer B to Computer A then the 2626 learns the MAC-addresses of both computers and both computers can ping each other. I tried several firmwares (H10.31, H10.50 and H10.83) on the 2626 but that did not solve the problem.
If I try the same setup with a ProCurve 2610 switch the computers do not have problems pinging Computer A from Computer B.
Is this a bug on the 2626 ?
How do I set up port-security in learning mode with an address limit on the 2626 ?
Are there other settings that could be changed to solve the problem ?
I have not found the option "limited-continuous" in any of the manuals of the 2610. Where is it described ?

thanks for your help and greetings,

Andreas

 

 

P.S. This thread has been moevd from Switches, Hubs, Modems (Legacy ITRC forum) to ProCurve/ProVision. - Hp Forum Moderator

0 Kudos
3 REPLIES 3
Ralf Krause
Frequent Advisor

тАО02-26-2010 01:45 AM

тАО02-26-2010 01:45 AM

Re: Problem with ProCurve 2626 and port-security learning mode "limited-continuous"

The behavior here seems to differ between older and newer models.

The keyword is eavesdrop prevention.

An excerpt from the 5400zl series manuals:
"Configuring port security on a given switch port automatically enables Eavesdrop Prevention for that port. This prevents use of the port to flood unicast packets addressed to MAC addresses unknown to the switch and blocks unauthorized users from eavesdropping on traffic intended for addresses that have aged-out of the switch├в s address table. (Eavesdrop Prevention does not affect multicast and broadcast traffic; the switch floods these two traffic types out a given port regardless of whether port security is enabled on that port.)"

On the K-Software devices, this behavior is configurable.

On other switches, it is not, and has eavesdrop prevention either enabled or not by default (I don't know for the 2600 series).



However, this does not affect chatty devices, since they will cause the switch to relearn their MAC address!


Summing up:
Your observation might be by intention.

I would suggest to contact support to have this double-checked and verified.
0 Kudos
b2b
Occasional Advisor

тАО01-27-2013 06:45 PM

тАО01-27-2013 06:45 PM

Re: Problem with ProCurve 2626 and port-security learning mode "limited-continuous"

Hello i want to know is HP procurve has port-security aging command ? or any ohter equal cmd available in HP ?

0 Kudos
hajar1
New Member

тАО07-22-2013 05:16 AM

тАО07-22-2013 05:16 AM

Re: Problem with HP switch 5412 and port-security learning mode "static" does not work

Hi , 

 

 I have the problems on HP 5412  that the port-security in learning mode doesn't work , if you have any idea for resolved that problems help me plz,

 

Thankx

0 Kudos
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.