Solved

HP Procurve 2626 not blocking mac addresses

Posted on 2004-08-25
3
2,266 Views
Last Modified: 2013-12-04
I have attempted to set up my HP Procurve 2626 to block all mac addresses but the ones I have specified through the following commands.

port-security 2 learn-mode static address-limit 3 action send-disable mac-addres
s (mac addresses for server #s 3, 4, and firewall)
port-security 3 learn-mode static address-limit 4 action send-disable mac-addres
s (mac addresses for server #s 1,2,3,4)
port-security 5 learn-mode static address-limit 5 action send-disable mac-addres
s (mac addresses  for server #s 1,2,3,4 and workstation 1)
port-security 24 learn-mode static address-limit 2 action send-disable mac-addre
ss (mac addresses for server # 3 and firewall)

no port security is established on any other port

Port 1 is connected to another non-managed switch with several workstations in addition to workstation 1

Port 4 is connected to Server 2, which has the applicaction server of a program that most of the workstations use, and needs to communicate with the database server on Server 1

the remaining ports are disabled

The problem I have is that I can still access files on the servers connected to the secure ports from computers connected to the non-managed switch.  

Here is my configuration.  I've also tried rebooting the switch. Any ideas?

Startup configuration:

; J4900A Configuration Editor; Created on release #H.07.50

hostname "HP ProCurve Switch 2626"
cdp run
interface 2
   no lacp
exit
interface 3
   no lacp
exit
interface 5
   no lacp
exit
interface 6
   disable
exit
interface 7
   disable
exit
interface 8
   disable
exit
interface 9
   disable
exit
interface 10
   disable
exit
interface 11
   disable
exit
interface 12
   disable
exit
interface 13
   disable
exit
interface 14
   disable
exit
interface 15
   disable
exit
interface 16
   disable
exit
interface 17
   disable
exit
interface 18
   disable
exit
interface 19
   disable
exit
interface 20
   disable
exit
interface 21
   disable
exit
interface 22
   disable
exit
interface 23
   disable
exit
interface 24
   no lacp
exit
interface 25
   disable
exit
interface 26
   disable
exit
snmp-server community "public" Unrestricted
vlan 1

   name "DEFAULT_VLAN"
   untagged 1-26
   ip address xxx.xxx.xxx.11 255.255.255.0
   exit
fault-finder bad-driver sensitivity high
fault-finder bad-transceiver sensitivity high
fault-finder bad-cable sensitivity high
fault-finder too-long-cable sensitivity high
fault-finder over-bandwidth sensitivity high
fault-finder broadcast-storm sensitivity high
fault-finder loss-of-link sensitivity high
ip authorized-managers xxx.xxx.xxx.12
port-security 2 learn-mode static address-limit 3 action send-disable mac-addres
s xxxxxxxxxxxx xxxxxxxxxxxx xxxxxxxxxxxx
port-security 3 learn-mode static address-limit 4 action send-disable mac-addres
s xxxxxxxxxxxx xxxxxxxxxxxx xxxxxxxxxxxx xxxxxxxxxxxx
port-security 5 learn-mode static address-limit 5 action send-disable mac-addres
s xxxxxxxxxxxx xxxxxxxxxxxx xxxxxxxxxxxx xxxxxxxxxxxx xxxxxxxxxxxx
port-security 24 learn-mode static address-limit 2 action send-disable mac-addre
ss xxxxxxxxxxxx xxxxxxxxxxxx
password manager
password operator

{500 points refunded on PAQ - ee_ai_construct, cs moderator}
0
Comment
Question by:MeloneyOster
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
3 Comments
 

Accepted Solution

by:
MeloneyOster earned 0 total points
ID: 11922188
I got the answer from HP.  As it turns out, the Procurve 2626 port security concerning mac addresses is only inbound.  This means that I can specify what mac addresses can be physically connected to a given port, but I cannot preven any data from going through the ports.  I'll have to do that through my firewall.
0

Featured Post

How our DevOps Teams Maximize Uptime

Our Dev teams are like yours. They’re continually cranking out code for new features/bugs fixes, testing, deploying, responding to production monitoring events and more. It’s complex. So, we thought you’d like to see what’s working for us. Read the use case whitepaper.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This is a guide to the following problem (not exclusive but here) on Windows: Users need our support and we supporters often use global administrative accounts to do this. Using these accounts safely is a real challenge. Any admin who takes se…
The term "Bad USB" is a buzz word that is usually used when talking about attacks on computer systems that involve USB devices. In this article, I will show what possibilities modern windows systems (win8.x and win10) offer to fight these attacks wi…
In this video we outline the Physical Segments view of NetCrunch network monitor. By following this brief how-to video, you will be able to learn how NetCrunch visualizes your network, how granular is the information collected, as well as where to f…
NetCrunch network monitor is a highly extensive platform for network monitoring and alert generation. In this video you'll see a live demo of NetCrunch with most notable features explained in a walk-through manner. You'll also get to know the philos…

729 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question