Enabling Port Security Traps; Configuring Secure Mac Addresses - HP 10500 Series Configuration Manual

Step
4. Return to system view.
5. Set the silence timeout period
during which a port remains
disabled.

Enabling port security traps

You can configure the port security module to send traps for the following categories of events:
addresslearned—Learning of new MAC addresses.
•
dot1xlogfailure/dot1xlogon/dot1xlogoff—802.1X authentication failure, success, and 802.1X
•
user logoff.
ralmlogfailure/ralmlogon/ralmlogoff—MAC authentication failure, MAC authentication user
•
logon, and MAC authentication user logoff.
intrusion—Detection of illegal frames.
•
To enable port security traps:
Step
1. Enter system view.
2. Enable port
security traps.

Configuring secure MAC addresses

Secure MAC addresses are configured or learned in autoLearn mode and can survive link down/up
events. You can bind a secure MAC address to only one port in a VLAN.
IMPORTANT:
When the maximum number of secure MAC address entries is reached, the port changes to secure mode,
and no more secure MAC addresses can be added or learned. The port allows only frames sourced from
a secure MAC address or a MAC address configured by using the mac-address dynamic or mac-address
static command to pass through.
Secure MAC addresses fall into static, sticky and dynamic secure MAC addresses.
Table 11 A comparison of static, sticky, and dynamic secure MAC addresses
Type
Static
Command
system-view
port-security trap { addresslearned | dot1xlogfailure
| dot1xlogoff | dot1xlogon | intrusion |
ralmlogfailure | ralmlogoff | ralmlogon }
Address sources Aging mechanism
Not available.
They never age out unless you manually remove
Manually added
them, change the port security mode, or disable
the port security feature.
Command
quit
port-security timer disableport
time-value
173
Remarks
N/A
Optional.
20 seconds by default.
Remarks
N/A
By default, port security
traps are disabled.
Can be saved and
survive a device
reboot?
Yes.