• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1705
  • Last Modified:

dhcp-snooping with HP Procurve 2530

I have HP Procurve 2530, dhcp-snooping is not available. I type dhcp-? it returns with no such command. Does this option  not support with this model?
0
officertango
Asked:
officertango
  • 5
  • 5
  • 2
2 Solutions
 
asavenerCommented:
I do not see DHCP snooping listed in the available features for that series.

http://h17007.www1.hp.com/us/en/networking/products/switches/HP_2530_Switch_Series/index.aspx#Security
0
 
TimotiStDatacenter TechnicianCommented:
That sounds a bit unusual, I think the 2520 series had the feature.
The release note definitely mentions DHCP snooping fixes in several releases.
What firmware version are you running?

Tamas
0
 
officertangoAuthor Commented:
I am running YA.15.10.0003 and it is a Procurve 2530.
0
Will You Be GDPR Compliant by 5/28/2018?

GDPR? That's a regulation for the European Union. But, if you collect data from customers or employees within the EU, then you need to know about GDPR and make sure your organization is compliant by May 2018. Check out our preparation checklist to make sure you're on track today!

 
asavenerCommented:
0
 
officertangoAuthor Commented:
I guess I am out off luck with these model, is there anything equivalent to dhcp-snooping?
0
 
asavenerCommented:
A combination of physical and port security to keep rogue devices off of your network.  Still wouldn't block a trusted device from offering DHCP, though.
0
 
officertangoAuthor Commented:
I just want to make that my usersr does not plug in a home router on Lan and hand out wrong IP on the network. I know dhcp-snooping stops that. If I can't use that than is there something equivalent to that?
0
 
asavenerCommented:
I don't know the Procurve product line that well, unfortunately.

The suggestions I can think of, like port security and sticky MACs, require administrative engagement whenever a device changes ports.
0
 
officertangoAuthor Commented:
I am not familiar with sticky MAC? what can I do with port security?

thanks in advance
0
 
TimotiStDatacenter TechnicianCommented:
Well, the 25xx series are supposed to be the layer2 switches, and the 26xx is the "light layer3" line.
The 2500 and 2510 series couldn't do dhcp snooping, it's possible that even the 2530 won't be able to do layer3 level protection, in which case you're out of luck with it...
0
 
asavenerCommented:
Again, I'm not sure if these features are available on this model.

Port security lets you limit how many MAC addresses are associated with a port.  So you can limit it to two, for example, if you have a phone and a desktop system at the same desk.  The sticky command makes the switch remember the MACs if the port goes down and up, so that someone can't just unplug what's there and plug in another device.

The problem is when systems are moved around.  The port blocks the traffic until an administrator clears the sticky MAC address(es).

Also, it doesn't keep someone from connecting to a previously unused port, which is where your physical security comes into play.  You have to physically connect and disconnect the patch cables, to keep someone from going to an unused desk and just plugging in.


This all presupposes that you aren't going full Network Access Control, and implementing some kind of pre-admission controls.
0
 
officertangoAuthor Commented:
na
0

Featured Post

Free Tool: Subnet Calculator

The subnet calculator helps you design networks by taking an IP address and network mask and returning information such as network, broadcast address, and host range.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

  • 5
  • 5
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now