topic Re: Accept traffic via a specific mac address in Security e-Series https://community.hpe.com/t5/security-e-series/accept-traffic-via-a-specific-mac-address/m-p/6858664#M364 <P>Can you use Port-Security set it to static then enter the mac address of the switch at the other end of the uplink?</P><P>HP literature tells you you can switch off auto-MDIX to protect yourself from this situation - but I don't rate this is a valid approach because it doesn't take a genius to get hold of a cross-over cable to defeat it.</P><P>If you have dot1x implemented, I don't see what the problem is? Doesn't that do all the filtering you need?</P><P>Could you use track port on Switch1 to monitor a port on Switch2, and if it goes down, disable the uplink port and send an alert so you know what's going on?</P><P>Also, your network monitoring should detect if an Access switch goes down anyway, which could make you suspicious.</P> Thu, 12 May 2016 02:02:30 GMT Vince-Whirlwind 2016-05-12T02:02:30Z Accept traffic via a specific mac address https://community.hpe.com/t5/security-e-series/accept-traffic-via-a-specific-mac-address/m-p/6856517#M362 <P>Hi All,</P><P>Just wondering if anyone has come accross this scenario in the past?</P><P>We have two switches, switch 1 and switch 2. We would like to allow traffic from all clients connected to switch 2 into switch 1 but&nbsp;only if that traffic has come via switch 2 (i.e. no one has pulled the uplink out of switch 2 and has tried to connect something else to it in which case the traffic should be disguarded).</P><P>A couple of further complications, we use 802.1X authenication and we need to be able to apply this form of lockdown to two of the ports on switch 1.</P><P>The switch I'm trying to get this working on is a 2620 (J9625A)</P><P>Any suggestions?</P><P>Thanks,</P><P>NS</P> Wed, 04 May 2016 13:51:06 GMT https://community.hpe.com/t5/security-e-series/accept-traffic-via-a-specific-mac-address/m-p/6856517#M362 NetworkSeb 2016-05-04T13:51:06Z Re: Accept traffic via a specific mac address https://community.hpe.com/t5/security-e-series/accept-traffic-via-a-specific-mac-address/m-p/6858664#M364 <P>Can you use Port-Security set it to static then enter the mac address of the switch at the other end of the uplink?</P><P>HP literature tells you you can switch off auto-MDIX to protect yourself from this situation - but I don't rate this is a valid approach because it doesn't take a genius to get hold of a cross-over cable to defeat it.</P><P>If you have dot1x implemented, I don't see what the problem is? Doesn't that do all the filtering you need?</P><P>Could you use track port on Switch1 to monitor a port on Switch2, and if it goes down, disable the uplink port and send an alert so you know what's going on?</P><P>Also, your network monitoring should detect if an Access switch goes down anyway, which could make you suspicious.</P> Thu, 12 May 2016 02:02:30 GMT https://community.hpe.com/t5/security-e-series/accept-traffic-via-a-specific-mac-address/m-p/6858664#M364 Vince-Whirlwind 2016-05-12T02:02:30Z