7-20
Using Passwords, Port Security, and Authorized IP Managers To Protect Against Unauthorized Access
Configuring and Monitoring Port Security
Using Passwords, Port
Security, and Authorized IP
To add a second authorized device to port 1, execute a port-security command
for for port 1 that raises the address limit to 2 and specifies the additional
device’s MAC address. For example:
HP2512(config)# port-security 1 mac-address 0c0090-456456
address-limit 2
Removing a Device From the “Authorized” List for a Port. This com-
mand option removes unwanted devices (MAC addresses) from the Autho-
rized Addresses list. (An Authorized Address list is available for each port for
which Learn Mode is currently set to “Static”. See the “Address List” entry in
the table on page 7-15.)
Caution When learn mode is set to static, the Address Limit (address-limit) parameter
controls how many devices are allowed in the Authorized Addresses (mac-
address) for a given port. If you remove a MAC address from the Authorized
Addresses list without also reducing the Address Limit by 1, the port may
subsequently detect and accept as authorized a MAC address that you do not
intend to include in your Authorized Address list. Thus, if you use the CLI to
remove a device that is no longer authorized, it is recommended that you first
reduce the Address Limit (address-limit) integer by 1, as shown below. This
prevents the possibility of the same device or another unauthorized device on
the network from automatically being accepted as “authorized” for that port.
To remove a device (MAC address) from the “Authorized” list and when the
current number of devices equals the Address Limit value, you should first
reduce the Address Limit value by 1, then remove the unwanted device.
Note You can reduce the address limit below the number of currently authorized
addresses on a port. This enables you to subsequently remove a device from
the “Authorized” list without opening the possibility for an unwanted device
to automatically become authorized.
