Solved

dhcp-snooping with HP Procurve 2530

Posted on 2014-03-04
12
1,528 Views
Last Modified: 2014-03-20
I have HP Procurve 2530, dhcp-snooping is not available. I type dhcp-? it returns with no such command. Does this option  not support with this model?
0
Comment
Question by:officertango
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 5
  • 5
  • 2
12 Comments
 
LVL 28

Expert Comment

by:asavener
ID: 39906298
I do not see DHCP snooping listed in the available features for that series.

http://h17007.www1.hp.com/us/en/networking/products/switches/HP_2530_Switch_Series/index.aspx#Security
0
 
LVL 17

Assisted Solution

by:TimotiSt
TimotiSt earned 250 total points
ID: 39906406
That sounds a bit unusual, I think the 2520 series had the feature.
The release note definitely mentions DHCP snooping fixes in several releases.
What firmware version are you running?

Tamas
0
 

Author Comment

by:officertango
ID: 39906936
I am running YA.15.10.0003 and it is a Procurve 2530.
0
Manage your data center from practically anywhere

The KN8164V features HD resolution of 1920 x 1200, FIPS 140-2 with level 1 security standards and virtual media transmissions at twice the speed. Built for reliability, the KN series provides local console and remote over IP access, ensuring 24/7 availability to all servers.

 
LVL 28

Accepted Solution

by:
asavener earned 250 total points
ID: 39906983
0
 

Author Comment

by:officertango
ID: 39907108
I guess I am out off luck with these model, is there anything equivalent to dhcp-snooping?
0
 
LVL 28

Expert Comment

by:asavener
ID: 39907137
A combination of physical and port security to keep rogue devices off of your network.  Still wouldn't block a trusted device from offering DHCP, though.
0
 

Author Comment

by:officertango
ID: 39907155
I just want to make that my usersr does not plug in a home router on Lan and hand out wrong IP on the network. I know dhcp-snooping stops that. If I can't use that than is there something equivalent to that?
0
 
LVL 28

Expert Comment

by:asavener
ID: 39907239
I don't know the Procurve product line that well, unfortunately.

The suggestions I can think of, like port security and sticky MACs, require administrative engagement whenever a device changes ports.
0
 

Author Comment

by:officertango
ID: 39907252
I am not familiar with sticky MAC? what can I do with port security?

thanks in advance
0
 
LVL 17

Expert Comment

by:TimotiSt
ID: 39907275
Well, the 25xx series are supposed to be the layer2 switches, and the 26xx is the "light layer3" line.
The 2500 and 2510 series couldn't do dhcp snooping, it's possible that even the 2530 won't be able to do layer3 level protection, in which case you're out of luck with it...
0
 
LVL 28

Expert Comment

by:asavener
ID: 39907345
Again, I'm not sure if these features are available on this model.

Port security lets you limit how many MAC addresses are associated with a port.  So you can limit it to two, for example, if you have a phone and a desktop system at the same desk.  The sticky command makes the switch remember the MACs if the port goes down and up, so that someone can't just unplug what's there and plug in another device.

The problem is when systems are moved around.  The port blocks the traffic until an administrator clears the sticky MAC address(es).

Also, it doesn't keep someone from connecting to a previously unused port, which is where your physical security comes into play.  You have to physically connect and disconnect the patch cables, to keep someone from going to an unused desk and just plugging in.


This all presupposes that you aren't going full Network Access Control, and implementing some kind of pre-admission controls.
0
 

Author Closing Comment

by:officertango
ID: 39943950
na
0

Featured Post

Free Tool: Path Explorer

An intuitive utility to help find the CSS path to UI elements on a webpage. These paths are used frequently in a variety of front-end development and QA automation tasks.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Fiber Patch Panel 6 70
Radius Debug Error 16 129
Cisco 3560 switches not seeing VTP V3 12 95
The ideal material to secure cables 7 65
In this tutorial I will show you with short command examples how to obtain a packet footprint of all traffic flowing thru your Juniper device running ScreenOS. I do not know the exact firmware requirement, but I think the fprofile command is availab…
This article is a how to to configure a UCS Ethernet-uplink portchannel via the console. It is easy to do and can be done quite quickly. In certain versions of the UCS manager the portchannel has issues coming up and this is a workaround. I am…
Finds all prime numbers in a range requested and places them in a public primes() array. I've demostrated a template size of 30 (2 * 3 * 5) but larger templates can be built such 210  (2 * 3 * 5 * 7) or 2310  (2 * 3 * 5 * 7 * 11). The larger templa…

734 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question