Solved

HP Procurve 2626 not blocking mac addresses

Posted on 2004-08-25
3
2,252 Views
Last Modified: 2013-12-04
I have attempted to set up my HP Procurve 2626 to block all mac addresses but the ones I have specified through the following commands.

port-security 2 learn-mode static address-limit 3 action send-disable mac-addres
s (mac addresses for server #s 3, 4, and firewall)
port-security 3 learn-mode static address-limit 4 action send-disable mac-addres
s (mac addresses for server #s 1,2,3,4)
port-security 5 learn-mode static address-limit 5 action send-disable mac-addres
s (mac addresses  for server #s 1,2,3,4 and workstation 1)
port-security 24 learn-mode static address-limit 2 action send-disable mac-addre
ss (mac addresses for server # 3 and firewall)

no port security is established on any other port

Port 1 is connected to another non-managed switch with several workstations in addition to workstation 1

Port 4 is connected to Server 2, which has the applicaction server of a program that most of the workstations use, and needs to communicate with the database server on Server 1

the remaining ports are disabled

The problem I have is that I can still access files on the servers connected to the secure ports from computers connected to the non-managed switch.  

Here is my configuration.  I've also tried rebooting the switch. Any ideas?

Startup configuration:

; J4900A Configuration Editor; Created on release #H.07.50

hostname "HP ProCurve Switch 2626"
cdp run
interface 2
   no lacp
exit
interface 3
   no lacp
exit
interface 5
   no lacp
exit
interface 6
   disable
exit
interface 7
   disable
exit
interface 8
   disable
exit
interface 9
   disable
exit
interface 10
   disable
exit
interface 11
   disable
exit
interface 12
   disable
exit
interface 13
   disable
exit
interface 14
   disable
exit
interface 15
   disable
exit
interface 16
   disable
exit
interface 17
   disable
exit
interface 18
   disable
exit
interface 19
   disable
exit
interface 20
   disable
exit
interface 21
   disable
exit
interface 22
   disable
exit
interface 23
   disable
exit
interface 24
   no lacp
exit
interface 25
   disable
exit
interface 26
   disable
exit
snmp-server community "public" Unrestricted
vlan 1

   name "DEFAULT_VLAN"
   untagged 1-26
   ip address xxx.xxx.xxx.11 255.255.255.0
   exit
fault-finder bad-driver sensitivity high
fault-finder bad-transceiver sensitivity high
fault-finder bad-cable sensitivity high
fault-finder too-long-cable sensitivity high
fault-finder over-bandwidth sensitivity high
fault-finder broadcast-storm sensitivity high
fault-finder loss-of-link sensitivity high
ip authorized-managers xxx.xxx.xxx.12
port-security 2 learn-mode static address-limit 3 action send-disable mac-addres
s xxxxxxxxxxxx xxxxxxxxxxxx xxxxxxxxxxxx
port-security 3 learn-mode static address-limit 4 action send-disable mac-addres
s xxxxxxxxxxxx xxxxxxxxxxxx xxxxxxxxxxxx xxxxxxxxxxxx
port-security 5 learn-mode static address-limit 5 action send-disable mac-addres
s xxxxxxxxxxxx xxxxxxxxxxxx xxxxxxxxxxxx xxxxxxxxxxxx xxxxxxxxxxxx
port-security 24 learn-mode static address-limit 2 action send-disable mac-addre
ss xxxxxxxxxxxx xxxxxxxxxxxx
password manager
password operator

{500 points refunded on PAQ - ee_ai_construct, cs moderator}
0
Comment
Question by:MeloneyOster
3 Comments
 

Accepted Solution

by:
MeloneyOster earned 0 total points
ID: 11922188
I got the answer from HP.  As it turns out, the Procurve 2626 port security concerning mac addresses is only inbound.  This means that I can specify what mac addresses can be physically connected to a given port, but I cannot preven any data from going through the ports.  I'll have to do that through my firewall.
0

Featured Post

Announcing the Most Valuable Experts of 2016

MVEs are more concerned with the satisfaction of those they help than with the considerable points they can earn. They are the types of people you feel privileged to call colleagues. Join us in honoring this amazing group of Experts.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Users of Windows 10 Professional can disable automatic reboots using the policy editor. This tool is not included in the Windows home edition. But don't worry! Follow the instructions below to install (a Win7) policy editor on your Windows 10 Home e…
Recently, I read that Microsoft has analysed statistics for their security intelligence report. It revealed: still, the clear majority of windows users do their daily work as administrator. An administrative account is a burden, security-wise. My ar…
With Secure Portal Encryption, the recipient is sent a link to their email address directing them to the email laundry delivery page. From there, the recipient will be required to enter a user name and password to enter the page. Once the recipient …

839 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question