?
Solved

HP Procurve 2626 not blocking mac addresses

Posted on 2004-08-25
3
Medium Priority
?
2,271 Views
Last Modified: 2013-12-04
I have attempted to set up my HP Procurve 2626 to block all mac addresses but the ones I have specified through the following commands.

port-security 2 learn-mode static address-limit 3 action send-disable mac-addres
s (mac addresses for server #s 3, 4, and firewall)
port-security 3 learn-mode static address-limit 4 action send-disable mac-addres
s (mac addresses for server #s 1,2,3,4)
port-security 5 learn-mode static address-limit 5 action send-disable mac-addres
s (mac addresses  for server #s 1,2,3,4 and workstation 1)
port-security 24 learn-mode static address-limit 2 action send-disable mac-addre
ss (mac addresses for server # 3 and firewall)

no port security is established on any other port

Port 1 is connected to another non-managed switch with several workstations in addition to workstation 1

Port 4 is connected to Server 2, which has the applicaction server of a program that most of the workstations use, and needs to communicate with the database server on Server 1

the remaining ports are disabled

The problem I have is that I can still access files on the servers connected to the secure ports from computers connected to the non-managed switch.  

Here is my configuration.  I've also tried rebooting the switch. Any ideas?

Startup configuration:

; J4900A Configuration Editor; Created on release #H.07.50

hostname "HP ProCurve Switch 2626"
cdp run
interface 2
   no lacp
exit
interface 3
   no lacp
exit
interface 5
   no lacp
exit
interface 6
   disable
exit
interface 7
   disable
exit
interface 8
   disable
exit
interface 9
   disable
exit
interface 10
   disable
exit
interface 11
   disable
exit
interface 12
   disable
exit
interface 13
   disable
exit
interface 14
   disable
exit
interface 15
   disable
exit
interface 16
   disable
exit
interface 17
   disable
exit
interface 18
   disable
exit
interface 19
   disable
exit
interface 20
   disable
exit
interface 21
   disable
exit
interface 22
   disable
exit
interface 23
   disable
exit
interface 24
   no lacp
exit
interface 25
   disable
exit
interface 26
   disable
exit
snmp-server community "public" Unrestricted
vlan 1

   name "DEFAULT_VLAN"
   untagged 1-26
   ip address xxx.xxx.xxx.11 255.255.255.0
   exit
fault-finder bad-driver sensitivity high
fault-finder bad-transceiver sensitivity high
fault-finder bad-cable sensitivity high
fault-finder too-long-cable sensitivity high
fault-finder over-bandwidth sensitivity high
fault-finder broadcast-storm sensitivity high
fault-finder loss-of-link sensitivity high
ip authorized-managers xxx.xxx.xxx.12
port-security 2 learn-mode static address-limit 3 action send-disable mac-addres
s xxxxxxxxxxxx xxxxxxxxxxxx xxxxxxxxxxxx
port-security 3 learn-mode static address-limit 4 action send-disable mac-addres
s xxxxxxxxxxxx xxxxxxxxxxxx xxxxxxxxxxxx xxxxxxxxxxxx
port-security 5 learn-mode static address-limit 5 action send-disable mac-addres
s xxxxxxxxxxxx xxxxxxxxxxxx xxxxxxxxxxxx xxxxxxxxxxxx xxxxxxxxxxxx
port-security 24 learn-mode static address-limit 2 action send-disable mac-addre
ss xxxxxxxxxxxx xxxxxxxxxxxx
password manager
password operator

{500 points refunded on PAQ - ee_ai_construct, cs moderator}
0
Comment
Question by:MeloneyOster
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
3 Comments
 

Accepted Solution

by:
MeloneyOster earned 0 total points
ID: 11922188
I got the answer from HP.  As it turns out, the Procurve 2626 port security concerning mac addresses is only inbound.  This means that I can specify what mac addresses can be physically connected to a given port, but I cannot preven any data from going through the ports.  I'll have to do that through my firewall.
0

Featured Post

Free Tool: Site Down Detector

Helpful to verify reports of your own downtime, or to double check a downed website you are trying to access.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Article by: btan
The intent is not to repeat what many has know about Ransomware but more to join its dots of what is it, who are the victims, why it exists, when and how we respond on infection. Lastly, sum up in a glance to share such information with more to help…
Container Orchestration platforms empower organizations to scale their apps at an exceptional rate. This is the reason numerous innovation-driven companies are moving apps to an appropriated datacenter wide platform that empowers them to scale at a …
In this brief tutorial Pawel from AdRem Software explains how you can quickly find out which services are running on your network, or what are the IP addresses of servers responsible for each service. Software used is freeware NetCrunch Tools (https…
Have you created a query with information for a calendar? ... and then, abra-cadabra, the calendar is done?! I am going to show you how to make that happen. Visualize your data!  ... really see it To use the code to create a calendar from a q…
Suggested Courses
Course of the Month14 days, 1 hour left to enroll

800 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question