Port security auto-recovery

Information

Normally, a port disabled by the port security feature must be re-enabled manually; the auto-recovery feature allows the switch to automatically re-enable a disabled port after a specified disable timer has elapsed. The timer can be set between 1 and 300 seconds; setting it to 0 disables the timer.

NOTE: Nessus has provided the target output to assist in reviewing the benchmark to ensure target compliance.

Solution

Auto-recovery can be enabled on a port only when port security is enabled on that port, which is done by setting the MAC address learning mode to any mode other than continuous. Disabling port security with the no port-security <port> command also clears the disable timer setting.

The following command enables auto-recovery on port 2 with a 30-second disable timer:

switch(config)# port-security 2 disable-timer 30
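
The rules above can be checked offline before a change is pushed. The following Python check is an added example, not part of the vendor documentation or the audit: it replays configuration lines in order and reports whether each port ends up with auto-recovery. The disable-timer and no port-security line forms are the ones shown on this page; the learn-mode line form and the sample configuration are assumptions constructed for illustration.

```python
import re

# Constructed sample input. The "learn-mode" line form is an assumption;
# "disable-timer" and "no port-security" follow the commands on this page.
SAMPLE_CONFIG = """\
port-security 1 learn-mode static
port-security 1 disable-timer 30
port-security 2 learn-mode continuous
port-security 2 disable-timer 60
port-security 3 learn-mode static
port-security 4 learn-mode static
port-security 4 disable-timer 0
port-security 5 learn-mode static
port-security 5 disable-timer 120
no port-security 5
port-security 6 learn-mode static
port-security 6 disable-timer 900
"""

LINE = re.compile(r"^(no )?port-security (\d+)(?: (learn-mode|disable-timer) (\S+))?$")

def verdict(state):
    """Classify one port's final state against the rules in the text."""
    if state["mode"] == "continuous":
        return "no port security"      # auto-recovery needs port security on
    if state["timer"] == 0:
        return "manual re-enable"      # 0 disables the timer
    if not 1 <= state["timer"] <= 300:
        return "invalid timer"         # outside the documented 1-300 range
    return "auto-recovery %ds" % state["timer"]

def audit(config):
    """Replay the lines in order and return {port: verdict}."""
    ports = {}
    for raw in config.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        negate, port, key, value = m.groups()
        state = ports.setdefault(int(port), {"mode": "continuous", "timer": 0})
        if negate:
            if key is None:            # "no port-security <port>" clears the timer too
                state.update(mode="continuous", timer=0)
            continue
        if key == "learn-mode":
            state["mode"] = value
        elif key == "disable-timer" and value.isdigit():
            state["timer"] = int(value)
    return {p: verdict(s) for p, s in sorted(ports.items())}
```

Port 5 shows the case the Solution text calls out: a timer set before no port-security is issued does not survive it.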

See Also

https://support.hpe.com/hpesc/public/docDisplay?docId=a00056155en_us

Item Details

Category: SYSTEM AND COMMUNICATIONS PROTECTION

References: 800-53|SC-7(11)

Plugin: ArubaOS

Control ID: 49c39570978b2fbff06de459cf94f05fb136e52827caeb737e3ace2b417a5756