
HP 5500 Ei 5500 Si Switch Series Configuration Guide


Page 1881

# Set port security’s limit on the number of MAC addresses to 64 on the port. 
[Device-GigabitEthernet1/0/1] port-security max-mac-count 64 
# Set the port security mode to autoLearn. 
[Device-GigabitEthernet1/0/1] port-security port-mode autolearn 
# Configure the port to be silent for 30 seconds after the intrusion protection feature is triggered.  
[Device-GigabitEthernet1/0/1] port-security intrusion-mode disableport-temporarily 
[Device-GigabitEthernet1/0/1] quit 
[Device] port-security...

Page 1882

Execute the display port-security interface command after the number of MAC addresses learned by the 
port reaches 64, and you can see that the port security mode has changed to secure. When any frame 
with a new MAC address arrives, intrusion protection is triggered and you can see the following trap 
message. 
#Jan 14 10:39:47:135 2011 Device PORTSEC/4/VIOLATION: Trap1.3.6.1.4.1.25506.2.26.1.3.2: 
 An intrusion occurs! 
 IfIndex: 9437185 
 Port: 9437185 
 MAC Addr: 00:02:00:00:00:32 
 VLAN...

Page 1883

•  Allow up to 16 OUI values to be configured and allow one terminal that uses any of the OUI values 
to access the port in addition to an 802.1X user. 
Figure 88  Network diagram 
 
 
Configuration procedure 
Configurations on the host and RADIUS servers are not shown. The following configuration steps cover 
some AAA/RADIUS configuration commands. For more information about the commands, see Security 
Command Reference. 
1. Configure the RADIUS protocol: 
# Configure a RADIUS scheme named...

Page 1884

[Device] port-security enable 
# Add five OUI values.  
[Device] port-security oui 1234-0100-1111 index 1 
[Device] port-security oui 1234-0200-1111 index 2 
[Device] port-security oui 1234-0300-1111 index 3 
[Device] port-security oui 1234-0400-1111 index 4 
[Device] port-security oui 1234-0500-1111 index 5 
[Device] interface gigabitethernet 1/0/1 
# Set the port security mode to userLoginWithOUI. 
[Device-GigabitEthernet1/0/1] port-security port-mode userlogin-withoui 
Verifying the...

Page 1885

# Display the configuration of the ISP domain sun. 
 display domain sun 
   Domain : sun 
   State : Active 
   Access-limit : 30 
   Accounting method : Required 
   Default authentication scheme      : radius:radsun 
   Default authorization scheme       : radius:radsun 
   Default accounting scheme          : radius:radsun 
   Domain User Template: 
   Idle-cut : Disabled 
   Self-service : Disabled 
   Authorization attributes: 
# Display the port security configuration. 
 display port-security...

Page 1886

                EAD timeout:    30m 
 
 The maximum 802.1X user resource number is 1024 per slot 
 Total current used 802.1X resource number is 1 
 
 GigabitEthernet1/0/1  is link-up 
   802.1X protocol is enabled 
   Handshake is enabled 
   Handshake secure is disabled 
   802.1X unicast-trigger is enabled 
   Periodic reauthentication is disabled 
   The port is an authenticator 
   Authentication Mode is Auto 
   Port Control Type is Mac-based 
   802.1X Multicast-trigger is enabled...

Page 1887

Configuring the macAddressElseUserLoginSecure mode 
Network requirements 
As shown in Figure 88, a client is connected to the Device through GigabitEthernet 1/0/1. The Device 
authenticates the client by a RADIUS server. If the authentication succeeds, the client is authorized to 
access the Internet. 
Restrict port GigabitEthernet 1/0/1 of the Device: 
•   Allow more than one MAC authenticated user to log on.  
•   For 802.1X users, perform MAC authentication first and then, if MAC...

Page 1888

 Disableport Timeout: 20s 
 OUI value: 
 
 GigabitEthernet1/0/1 is link-up 
   Port mode is macAddressElseUserLoginSecure 
   NeedToKnow mode is NeedToKnowOnly 
   Intrusion Protection mode is NoAction 
   Max MAC address number is 64 
   Stored MAC address number is 0 
   Authorization is permitted 
   Security MAC address learning mode is sticky 
   Security MAC address aging type is absolute   
 
# Display MAC authentication information. 
 display mac-authentication interface gigabitethernet...

Page 1889

                The maximal retransmitting times    2 
 EAD quick deploy configuration: 
                EAD timeout:    30m 
 
 Total maximum 802.1X user resource number is 1024 per slot 
 Total current used 802.1X resource number is 1 
 
GigabitEthernet1/0/1  is link-up 
   802.1X protocol is enabled 
   Handshake is enabled 
   Handshake secure is disabled 
   802.1X unicast-trigger is enabled 
   Periodic reauthentication is disabled 
   The port is an authenticator 
   Authentication Mode is...

Page 1890

  Error:When we change port-mode, we should first change it to noRestrictions, then change 
it to the other. 
Analysis 
For a port operating in a port security mode other than noRestrictions, you cannot change the port 
security mode by using the port-security port-mode command directly.  
Solution 
Set the port security mode to noRestrictions first. 
[Device-GigabitEthernet1/0/1] undo port-security port-mode 
[Device-GigabitEthernet1/0/1] port-security port-mode autolearn 
Cannot configure secure...