HP A 5120 Manual
Page 151
MAC learning control—Includes two modes, autoLearn and secure. MAC address learning is permitted on a port in autoLearn mode and disabled in secure mode.
Authentication—Security modes of this category use MAC authentication, 802.1X authentication, or their combinations to implement authentication.
Upon receiving a frame, the port in a security mode searches the MAC address table for the source MAC address. If a match is found, the port forwards the frame....
Page 152
A port in this mode can learn MAC addresses, and allows frames from learned or configured MAC addresses to pass. The automatically learned MAC addresses are secure MAC addresses. You can also configure secure MAC addresses by using the port-security mac-address security command. A secure MAC address never ages out by default. In addition, you can configure MAC addresses manually by using the mac-address dynamic and mac-address static commands...
Page 153
3. macAddressElseUserLoginSecure
This mode is the combination of the macAddressWithRadius and userLoginSecure modes, with MAC authentication having a higher priority as the Else keyword implies. For non-802.1X frames, a port in this mode performs only MAC authentication. For 802.1X frames, it performs MAC authentication and then, if the authentication fails, 802.1X authentication.
4. macAddressElseUserLoginSecureExt
This mode is similar to the...
Page 154
Task / Remarks
Ignoring authorization information from the server / Optional

Enabling port security

Configuration prerequisites
Disable 802.1X and MAC authentication globally.

Configuration procedure
Follow these steps to enable port security:
To do… / Use the command… / Remarks
Enter system view / system-view / —
Enable port security / port-security enable / Required. Disabled by default.

1. Enabling port security resets the following configurations on a port to the bracketed defaults. Then,...
Page 155
Control the number of secure MAC addresses that a port can learn for port security.
Control the maximum number of users who are allowed to access the network through the port.

Follow these steps to set the maximum number of secure MAC addresses allowed on a port:
To do… / Use the command… / Remarks
Enter system view / system-view / —
Enter Layer 2 Ethernet interface view / interface interface-type interface-number / —
Set the maximum number of secure MAC addresses allowed on a port...
Page 156
To do… / Use the command… / Remarks
Enter Layer 2 Ethernet interface view / interface interface-type interface-number / —
Set the port security mode / port-security port-mode { autolearn | mac-authentication | mac-else-userlogin-secure | mac-else-userlogin-secure-ext | secure | userlogin | userlogin-secure | userlogin-secure-ext | userlogin-secure-or-mac | userlogin-secure-or-mac-ext | userlogin-withoui } / Required. By default, a port operates in noRestrictions mode.

NOTE: When a port...
Page 157
To do… / Use the command… / Remarks
Configure the NTK feature / port-security ntk-mode { ntk-withbroadcasts | ntk-withmulticasts | ntkonly } / Required. By default, NTK is disabled on a port and all frames are allowed to be sent.

NOTE: Support for the NTK feature depends on the port security mode.

Configuring intrusion protection
Intrusion protection enables a device to take one of the following actions in response to illegal frames:
blockmac—Adds the source MAC addresses of...
Page 158
ralmlogfailure/ralmlogon/ralmlogoff—MAC authentication failure/MAC authentication user logon/MAC authentication user logoff.
intrusion—Detection of illegal frames.

Follow these steps to enable port security traps:
To do… / Use the command… / Remarks
Enter system view / system-view / —
Enable port security traps / port-security trap { addresslearned | dot1xlogfailure | dot1xlogoff | dot1xlogon | intrusion | ralmlogfailure | ralmlogoff | ralmlogon } / Required. By default, port security traps...
Page 159
To do… / Use the command… / Remarks
Enter system view / system-view / —
Set the sticky MAC aging timer / port-security timer autolearn aging time-value / Optional. By default, sticky MAC addresses do not age out, and you can remove them only by performing the undo port-security mac-address security command, changing the port security mode, or disabling the port security feature.
Configure a secure MAC address / In system view: port-security mac-address security [ sticky ] mac-address interface...
Page 160
To do… / Use the command… / Remarks
Display information about secure MAC addresses / display port-security mac-address security [ interface interface-type interface-number ] [ vlan vlan-id ] [ count ] [ | { begin | exclude | include } regular-expression ] / Available in any view
Display information about blocked MAC addresses / display port-security mac-address block [ interface interface-type interface-number ] [ vlan vlan-id ] [ count ] [ | { begin | exclude | include } regular-expression...