https://community.hpe.com/t5/security-e-series/hp-procurve-2610-port-security/m-p/5991333#M204 <P>Wesley,</P><P>&nbsp;</P><P>Typically port-security is used to tie specific MAC addresses to specific ports. &nbsp;For example you might want the phone with MAC address 000000-000001 to only be allowed on port A1 and only port A1. &nbsp;The phone would be the only device allowed to ingress packets on port A1 and it wouldn't be allowed if it was moved to another port.</P><P><SPAN>&nbsp;</SPAN></P><P><SPAN>It sounds like you are also connecting PCs to the phones. &nbsp;The PCs won't be allowed just because the phone is allowed. &nbsp;The PC's MAC address will also have to be configured in port-security just like the phone.</SPAN></P><P><SPAN>&nbsp;</SPAN></P><PRE>port-security a1 learn-mode configured<BR />port-security a1 address-limit 2 port-security a1 mac-address 000000-000001 # phone's MAC addr port-security a1 mac-address 000000-000002 # pc's MAC addr</PRE><P>The example above would allow the two devices with the given MAC addresses to connect to port A1.</P><P>&nbsp;</P><P>If you are deploying an environment where you want to authenticate the devices but not necessarily tie them to a specific port you may consider using a RADIUS server and mac-based authentication. &nbsp;Also, 802.1x is another option if your phones and PCs support it. &nbsp;Most recent phones and PCs will have not problem.</P><P>&nbsp;</P><P>Are you familiar with RADIUS?</P><P>&nbsp;</P><P>Thanks,</P><P>Nathan</P> Tue, 12 Mar 2013 00:13:33 GMT nathanjenne 2013-03-12T00:13:33Z https://community.hpe.com/t5/security-e-series/hp-procurve-2610-port-security/m-p/5990549#M203 <P>Hello,</P><P>&nbsp;</P><P>I've a question regarding the port security function on the HP Procurve 2610 switches. I wish to enable this but I'm not sure if it works&nbsp;in conjunction with&nbsp;IP Phones. They connect to these, which in turn are connected to terminals.</P><P>&nbsp;</P><P>Is it true that when port security is applied, the port on the switch&nbsp;will check the MAC Address of the IP Phone. If&nbsp;it's authorized,&nbsp;a connection will be allowed? Will&nbsp;the terminals also be allowed/blocked depending on if the IP Phones are allowed/blocked by the switch?</P><P>&nbsp;</P><P>If not, and you know of a better solution please advise. I'm looking for a decent way to make the network secure against unwanted devices.</P><P>&nbsp;</P><P>Regards,</P><P>Wesley</P> Mon, 11 Mar 2013 09:53:34 GMT https://community.hpe.com/t5/security-e-series/hp-procurve-2610-port-security/m-p/5990549#M203 Wesley3211 2013-03-11T09:53:34Z https://community.hpe.com/t5/security-e-series/hp-procurve-2610-port-security/m-p/5991333#M204 <P>Wesley,</P><P>&nbsp;</P><P>Typically port-security is used to tie specific MAC addresses to specific ports. &nbsp;For example you might want the phone with MAC address 000000-000001 to only be allowed on port A1 and only port A1. &nbsp;The phone would be the only device allowed to ingress packets on port A1 and it wouldn't be allowed if it was moved to another port.</P><P><SPAN>&nbsp;</SPAN></P><P><SPAN>It sounds like you are also connecting PCs to the phones. &nbsp;The PCs won't be allowed just because the phone is allowed. &nbsp;The PC's MAC address will also have to be configured in port-security just like the phone.</SPAN></P><P><SPAN>&nbsp;</SPAN></P><PRE>port-security a1 learn-mode configured<BR />port-security a1 address-limit 2 port-security a1 mac-address 000000-000001 # phone's MAC addr port-security a1 mac-address 000000-000002 # pc's MAC addr</PRE><P>The example above would allow the two devices with the given MAC addresses to connect to port A1.</P><P>&nbsp;</P><P>If you are deploying an environment where you want to authenticate the devices but not necessarily tie them to a specific port you may consider using a RADIUS server and mac-based authentication. &nbsp;Also, 802.1x is another option if your phones and PCs support it. &nbsp;Most recent phones and PCs will have not problem.</P><P>&nbsp;</P><P>Are you familiar with RADIUS?</P><P>&nbsp;</P><P>Thanks,</P><P>Nathan</P> Tue, 12 Mar 2013 00:13:33 GMT https://community.hpe.com/t5/security-e-series/hp-procurve-2610-port-security/m-p/5991333#M204 nathanjenne 2013-03-12T00:13:33Z