HP Procurve 2626 not blocking mac addresses
MeloneyOster asked:
I have attempted to set up my HP Procurve 2626 to block all mac addresses but the ones I have specified through the following commands.
port-security 2 learn-mode static address-limit 3 action send-disable mac-address (mac addresses for server #s 3, 4, and firewall)
port-security 3 learn-mode static address-limit 4 action send-disable mac-address (mac addresses for server #s 1,2,3,4)
port-security 5 learn-mode static address-limit 5 action send-disable mac-address (mac addresses for server #s 1,2,3,4 and workstation 1)
port-security 24 learn-mode static address-limit 2 action send-disable mac-address (mac addresses for server # 3 and firewall)
No port security is established on any other port.
Port 1 is connected to another non-managed switch with several workstations in addition to workstation 1.
Port 4 is connected to Server 2, which has the application server of a program that most of the workstations use, and needs to communicate with the database server on Server 1.
The remaining ports are disabled.
The problem I have is that I can still access files on the servers connected to the secure ports from computers connected to the non-managed switch.
Here is my configuration. I've also tried rebooting the switch. Any ideas?
Startup configuration:
; J4900A Configuration Editor; Created on release #H.07.50
hostname "HP ProCurve Switch 2626"
cdp run
interface 2
no lacp
exit
interface 3
no lacp
exit
interface 5
no lacp
exit
interface 6
disable
exit
interface 7
disable
exit
interface 8
disable
exit
interface 9
disable
exit
interface 10
disable
exit
interface 11
disable
exit
interface 12
disable
exit
interface 13
disable
exit
interface 14
disable
exit
interface 15
disable
exit
interface 16
disable
exit
interface 17
disable
exit
interface 18
disable
exit
interface 19
disable
exit
interface 20
disable
exit
interface 21
disable
exit
interface 22
disable
exit
interface 23
disable
exit
interface 24
no lacp
exit
interface 25
disable
exit
interface 26
disable
exit
snmp-server community "public" Unrestricted
vlan 1
name "DEFAULT_VLAN"
untagged 1-26
ip address xxx.xxx.xxx.11 255.255.255.0
exit
fault-finder bad-driver sensitivity high
fault-finder bad-transceiver sensitivity high
fault-finder bad-cable sensitivity high
fault-finder too-long-cable sensitivity high
fault-finder over-bandwidth sensitivity high
fault-finder broadcast-storm sensitivity high
fault-finder loss-of-link sensitivity high
ip authorized-managers xxx.xxx.xxx.12
port-security 2 learn-mode static address-limit 3 action send-disable mac-address xxxxxxxxxxxx xxxxxxxxxxxx xxxxxxxxxxxx
port-security 3 learn-mode static address-limit 4 action send-disable mac-address xxxxxxxxxxxx xxxxxxxxxxxx xxxxxxxxxxxx xxxxxxxxxxxx
port-security 5 learn-mode static address-limit 5 action send-disable mac-address xxxxxxxxxxxx xxxxxxxxxxxx xxxxxxxxxxxx xxxxxxxxxxxx xxxxxxxxxxxx
port-security 24 learn-mode static address-limit 2 action send-disable mac-address xxxxxxxxxxxx xxxxxxxxxxxx
password manager
password operator
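To show what MAC port security on a secured port checks and what it never looks at, here is an added example (not HP firmware and not the asker's configuration): a small Python model of a single-VLAN learning switch that parses port-security lines in the same format as the posted startup config and then simulates frame forwarding. The port numbers, MAC addresses, the workstation on the unmanaged switch and the stray device are all constructed; the behaviour that a static-mode port learns extra addresses until address-limit is reached, and only then reports a violation, is an assumption of the model taken from how the command is described.

```python
"""
Toy model of MAC-based port security on a single-VLAN switch.

Added example for this thread, not HP firmware or the asker's configuration.
It parses `port-security <port> learn-mode static address-limit <n>
action <action> mac-address <mac ...>` lines in the format of the posted
startup config and simulates frame forwarding to show which frames the
feature checks (ingress source MAC on the secured port) and which it
never inspects (frames arriving on unsecured ports, whatever their destination).
"""
import re
from dataclasses import dataclass, field

# Matches the port-security syntax used in the posted configuration.
PORT_SEC_RE = re.compile(
    r"^port-security\s+(?P<port>\d+)\s+learn-mode\s+static"
    r"\s+address-limit\s+(?P<limit>\d+)\s+action\s+(?P<action>\S+)"
    r"\s+mac-address\s+(?P<macs>.+)$"
)

# Constructed sample config: port numbers and MACs are placeholders.
SAMPLE_CONFIG = """\
port-security 3 learn-mode static address-limit 4 action send-disable mac-address 001122000001 001122000002 001122000003 001122000004
port-security 24 learn-mode static address-limit 2 action send-disable mac-address 001122000010 001122000011
"""


@dataclass
class SecuredPort:
    address_limit: int
    authorized: set      # configured (and, up to the limit, learned) MACs
    action: str


@dataclass
class Switch:
    enabled_ports: set
    security: dict = field(default_factory=dict)        # port -> SecuredPort
    fdb: dict = field(default_factory=dict)             # mac -> port
    disabled_by_security: set = field(default_factory=set)
    violations: list = field(default_factory=list)      # (port, mac)

    def load_port_security(self, config_text: str) -> None:
        for line in config_text.splitlines():
            m = PORT_SEC_RE.match(line.strip())
            if not m:
                continue
            port = int(m["port"])
            macs = {mac.lower() for mac in m["macs"].split()}
            self.security[port] = SecuredPort(int(m["limit"]), macs, m["action"])
            for mac in macs:  # authorized addresses modeled as static FDB entries
                self.fdb[mac] = port

    def receive(self, port: int, src: str, dst: str) -> str:
        """Process one frame arriving on `port`; return what happened to it."""
        src, dst = src.lower(), dst.lower()
        if port not in self.enabled_ports or port in self.disabled_by_security:
            return f"dropped: ingress port {port} is down"
        sec = self.security.get(port)
        if sec is not None and src not in sec.authorized:
            # Assumed static-mode behaviour: learn until address-limit is
            # reached, then treat any further source MAC as a violation.
            if len(sec.authorized) < sec.address_limit:
                sec.authorized.add(src)
            else:
                self.violations.append((port, src))
                if sec.action == "send-disable":
                    self.disabled_by_security.add(port)
                return f"violation: {src} not authorized on port {port}"
        self.fdb[src] = port  # ordinary source-MAC learning
        out = self.fdb.get(dst)
        if out is None:
            targets = sorted(self.enabled_ports - self.disabled_by_security - {port})
            return "flooded to ports " + ",".join(map(str, targets))
        if out in self.disabled_by_security:
            return f"dropped: egress port {out} is disabled"
        return f"forwarded to port {out}"


def demo() -> list:
    """Replay the situation from the thread with constructed hosts."""
    sw = Switch(enabled_ports={1, 2, 3, 4, 5, 24})
    sw.load_port_security(SAMPLE_CONFIG)
    server1 = "001122000001"      # authorized on secured port 3
    workstation = "aabbcc000099"  # behind the unmanaged switch on port 1 (no port security)
    stray = "deadbeef0001"        # unexpected device plugged into secured port 3
    return [
        sw.receive(1, workstation, server1),  # never checked: port 1 has no port security
        sw.receive(3, server1, workstation),  # authorized source on port 3: reply goes through
        sw.receive(3, stray, server1),        # unauthorized source on port 3: violation, port disabled
        sw.receive(1, workstation, server1),  # now dropped, but only because port 3 went down
    ]


if __name__ == "__main__":
    for line in demo():
        print(line)
```

The model reproduces the symptom in the question: a frame from the workstation enters on port 1, where no port security is configured, and is forwarded to the server port, because the secured port only examines the source MAC of frames arriving on it. Port security therefore limits which devices may be plugged into ports 2, 3, 5 and 24; it does not restrict which hosts elsewhere in VLAN 1 can reach the servers on those ports. The last frame also shows the availability side of send-disable: once a violation disables the port, the authorized servers behind it lose connectivity as well, so a violation on a server port is worth alerting on rather than silently re-enabling.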