Thursday, June 2, 2011

Mac Address limiting

So, you want to limit the number of mac addresses on a ethernet port to say two. One for a phone and one for the PC.  Pretty easy to do on HP a-series:


….globally…

port-security enable
port-security timer autolearn aging 30
port-security trap intrusion
port-security timer disableport 30

...at the interface level….
port-security max-mac-count 2
port-security port-mode autolearn
port-security intrusion-mode disableport-temporarily


The switch will auto-learn the first two mac-addresses it sees on the port and then if someone insert a third device, it will disallow it and, as well, disable the port for 30 seconds.  (damn users!)


Posted by at

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)