HPE Community
Web and Unmanaged
1752800 Members
5934 Online
108789 Solutions
New Discussion

Re: Port Security | HP 1910 48G

 
it_ejvnior
Frequent Advisor

‎08-03-2016 01:38 PM

‎08-03-2016 01:38 PM

Port Security | HP 1910 48G

Hi guys.

I have a doubt about the port security feature over the HP 1910 48G device.
I did the following commands in the CLI:

GLOBAL CONFIG:
port-security enable
port-security trap intrusion

INTERFACE CONFIG:
interface gig1/0/1
port-security max-mac-count 1
port-security port-mode autolearn
port-security intrusion-mode disableport

The feature works well when I plug another device in that port. The trap works well too. That happens exactly what I want to and my doubt is about the mac address table. The entry showing on the CLI is "NOAGED" and in the GUI the mac address entry does not appear anymore. When I try to add a static entry, the GUI says that this mac address already exists. I would like to know if it is a normal behaviour.

Software Version is 5.20 Release 1516.

The HP 1910 manual does not show any topic about.

Thanks in advance.

0 Kudos
4 REPLIES 4
Apachez-
Trusted Contributor

‎08-03-2016 02:33 PM

‎08-03-2016 02:33 PM

Re: Port Security | HP 1910 48G

I run this on a A5120 EI:

 port-security max-mac-count 10
 port-security port-mode autolearn
 port-security ntk-mode ntk-withmulticasts
 port-security intrusion-mode blockmac
 port-security mac-address dynamic
 port-security mac-address aging-type inactivity
 mac-address max-mac-count 10
 mac-address information enable added

And the output of "display mac-address" wont show the clients mac-address.

In order to locate that you need to run the "display port-security mac-address security" command.

However when doing so it says "NOAGED" but it seems to work according to the logs and the physical tests I have performed.

0 Kudos
it_ejvnior
Frequent Advisor

‎08-03-2016 05:47 PM

‎08-03-2016 05:47 PM

Re: Port Security | HP 1910 48G

Hi.

I would like to know about the command ntk.

There is an attachment with some entrys in the CLI.

So, is it a normal behaviour the noaged entry?

Thank you.

0 Kudos
Apachez-
Trusted Contributor

‎08-03-2016 11:21 PM

‎08-03-2016 11:21 PM

Re: Port Security | HP 1910 48G

I wrote this some time ago:

http://community.hpe.com/t5/Comware-Based/Port-Security-on-A5500/td-p/6472778

 

NTK from what I understand is for egress traffic.

0 Kudos
it_ejvnior
Frequent Advisor

‎08-04-2016 06:04 AM

‎08-04-2016 06:04 AM

Re: Port Security | HP 1910 48G

Good morning.

I set the ntk mode on disable to forward all traffic.

I'm curious about the mac-address entry on the GUI. Because none of the machines registered on all ports are appearing over the GUI's mac-address table.

When I use the command display mac-address static vlan <number> the return is "no MAC address found".
And when I type display mac-address interface gig1/0/1 the return is "no MAC address found".

Typing display port-security mac-address security, all the entries are listed.

Thank you.

0 Kudos
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.