• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 2316
  • Last Modified:

HP Procurve 2626 not blocking mac addresses

I have attempted to set up my HP Procurve 2626 to block all mac addresses but the ones I have specified through the following commands.

port-security 2 learn-mode static address-limit 3 action send-disable mac-addres
s (mac addresses for server #s 3, 4, and firewall)
port-security 3 learn-mode static address-limit 4 action send-disable mac-addres
s (mac addresses for server #s 1,2,3,4)
port-security 5 learn-mode static address-limit 5 action send-disable mac-addres
s (mac addresses  for server #s 1,2,3,4 and workstation 1)
port-security 24 learn-mode static address-limit 2 action send-disable mac-addre
ss (mac addresses for server # 3 and firewall)

no port security is established on any other port

Port 1 is connected to another non-managed switch with several workstations in addition to workstation 1

Port 4 is connected to Server 2, which has the applicaction server of a program that most of the workstations use, and needs to communicate with the database server on Server 1

the remaining ports are disabled

The problem I have is that I can still access files on the servers connected to the secure ports from computers connected to the non-managed switch.  

Here is my configuration.  I've also tried rebooting the switch. Any ideas?

Startup configuration:

; J4900A Configuration Editor; Created on release #H.07.50

hostname "HP ProCurve Switch 2626"
cdp run
interface 2
   no lacp
exit
interface 3
   no lacp
exit
interface 5
   no lacp
exit
interface 6
   disable
exit
interface 7
   disable
exit
interface 8
   disable
exit
interface 9
   disable
exit
interface 10
   disable
exit
interface 11
   disable
exit
interface 12
   disable
exit
interface 13
   disable
exit
interface 14
   disable
exit
interface 15
   disable
exit
interface 16
   disable
exit
interface 17
   disable
exit
interface 18
   disable
exit
interface 19
   disable
exit
interface 20
   disable
exit
interface 21
   disable
exit
interface 22
   disable
exit
interface 23
   disable
exit
interface 24
   no lacp
exit
interface 25
   disable
exit
interface 26
   disable
exit
snmp-server community "public" Unrestricted
vlan 1

   name "DEFAULT_VLAN"
   untagged 1-26
   ip address xxx.xxx.xxx.11 255.255.255.0
   exit
fault-finder bad-driver sensitivity high
fault-finder bad-transceiver sensitivity high
fault-finder bad-cable sensitivity high
fault-finder too-long-cable sensitivity high
fault-finder over-bandwidth sensitivity high
fault-finder broadcast-storm sensitivity high
fault-finder loss-of-link sensitivity high
ip authorized-managers xxx.xxx.xxx.12
port-security 2 learn-mode static address-limit 3 action send-disable mac-addres
s xxxxxxxxxxxx xxxxxxxxxxxx xxxxxxxxxxxx
port-security 3 learn-mode static address-limit 4 action send-disable mac-addres
s xxxxxxxxxxxx xxxxxxxxxxxx xxxxxxxxxxxx xxxxxxxxxxxx
port-security 5 learn-mode static address-limit 5 action send-disable mac-addres
s xxxxxxxxxxxx xxxxxxxxxxxx xxxxxxxxxxxx xxxxxxxxxxxx xxxxxxxxxxxx
port-security 24 learn-mode static address-limit 2 action send-disable mac-addre
ss xxxxxxxxxxxx xxxxxxxxxxxx
password manager
password operator

{500 points refunded on PAQ - ee_ai_construct, cs moderator}
0
MeloneyOster
Asked:
MeloneyOster
1 Solution
 
MeloneyOsterAuthor Commented:
I got the answer from HP.  As it turns out, the Procurve 2626 port security concerning mac addresses is only inbound.  This means that I can specify what mac addresses can be physically connected to a given port, but I cannot preven any data from going through the ports.  I'll have to do that through my firewall.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Free Tool: Site Down Detector

Helpful to verify reports of your own downtime, or to double check a downed website you are trying to access.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now