Solved

HP Procurve 2626 not blocking mac addresses

Posted on 2004-08-25
3
2,249 Views
Last Modified: 2013-12-04
I have attempted to set up my HP Procurve 2626 to block all mac addresses but the ones I have specified through the following commands.

port-security 2 learn-mode static address-limit 3 action send-disable mac-addres
s (mac addresses for server #s 3, 4, and firewall)
port-security 3 learn-mode static address-limit 4 action send-disable mac-addres
s (mac addresses for server #s 1,2,3,4)
port-security 5 learn-mode static address-limit 5 action send-disable mac-addres
s (mac addresses  for server #s 1,2,3,4 and workstation 1)
port-security 24 learn-mode static address-limit 2 action send-disable mac-addre
ss (mac addresses for server # 3 and firewall)

no port security is established on any other port

Port 1 is connected to another non-managed switch with several workstations in addition to workstation 1

Port 4 is connected to Server 2, which has the applicaction server of a program that most of the workstations use, and needs to communicate with the database server on Server 1

the remaining ports are disabled

The problem I have is that I can still access files on the servers connected to the secure ports from computers connected to the non-managed switch.  

Here is my configuration.  I've also tried rebooting the switch. Any ideas?

Startup configuration:

; J4900A Configuration Editor; Created on release #H.07.50

hostname "HP ProCurve Switch 2626"
cdp run
interface 2
   no lacp
exit
interface 3
   no lacp
exit
interface 5
   no lacp
exit
interface 6
   disable
exit
interface 7
   disable
exit
interface 8
   disable
exit
interface 9
   disable
exit
interface 10
   disable
exit
interface 11
   disable
exit
interface 12
   disable
exit
interface 13
   disable
exit
interface 14
   disable
exit
interface 15
   disable
exit
interface 16
   disable
exit
interface 17
   disable
exit
interface 18
   disable
exit
interface 19
   disable
exit
interface 20
   disable
exit
interface 21
   disable
exit
interface 22
   disable
exit
interface 23
   disable
exit
interface 24
   no lacp
exit
interface 25
   disable
exit
interface 26
   disable
exit
snmp-server community "public" Unrestricted
vlan 1

   name "DEFAULT_VLAN"
   untagged 1-26
   ip address xxx.xxx.xxx.11 255.255.255.0
   exit
fault-finder bad-driver sensitivity high
fault-finder bad-transceiver sensitivity high
fault-finder bad-cable sensitivity high
fault-finder too-long-cable sensitivity high
fault-finder over-bandwidth sensitivity high
fault-finder broadcast-storm sensitivity high
fault-finder loss-of-link sensitivity high
ip authorized-managers xxx.xxx.xxx.12
port-security 2 learn-mode static address-limit 3 action send-disable mac-addres
s xxxxxxxxxxxx xxxxxxxxxxxx xxxxxxxxxxxx
port-security 3 learn-mode static address-limit 4 action send-disable mac-addres
s xxxxxxxxxxxx xxxxxxxxxxxx xxxxxxxxxxxx xxxxxxxxxxxx
port-security 5 learn-mode static address-limit 5 action send-disable mac-addres
s xxxxxxxxxxxx xxxxxxxxxxxx xxxxxxxxxxxx xxxxxxxxxxxx xxxxxxxxxxxx
port-security 24 learn-mode static address-limit 2 action send-disable mac-addre
ss xxxxxxxxxxxx xxxxxxxxxxxx
password manager
password operator

{500 points refunded on PAQ - ee_ai_construct, cs moderator}
0
Comment
Question by:MeloneyOster
3 Comments
 

Accepted Solution

by:
MeloneyOster earned 0 total points
ID: 11922188
I got the answer from HP.  As it turns out, the Procurve 2626 port security concerning mac addresses is only inbound.  This means that I can specify what mac addresses can be physically connected to a given port, but I cannot preven any data from going through the ports.  I'll have to do that through my firewall.
0

Featured Post

Gigs: Get Your Project Delivered by an Expert

Select from freelancers specializing in everything from database administration to programming, who have proven themselves as experts in their field. Hire the best, collaborate easily, pay securely and get projects done right.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

As I write this article, I am finishing cleanup from the Qakbot virus variant found in the wild on April 18, 2011.  It was a messy beast that had varying levels of infection, speculated as being dependent on how long it resided on the infected syste…
SHARE your personal details only on a NEED to basis. Take CHARGE and SECURE your IDENTITY. How do I then PROTECT myself and stay in charge of my own Personal details (and) - MY own WAY...
Email security requires an ever evolving service that stays up to date with counter-evolving threats. The Email Laundry perform Research and Development to ensure their email security service evolves faster than cyber criminals. We apply our Threat…
The Email Laundry PDF encryption service allows companies to send confidential encrypted  emails to anybody. The PDF document can also contain attachments that are embedded in the encrypted PDF. The password is randomly generated by The Email Laundr…

776 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question