05-04-2016 06:51 AM
Accept traffic via a specific mac address
Hi All,
Just wondering if anyone has come across this scenario in the past?
We have two switches, switch 1 and switch 2. We would like to allow traffic from all clients connected to switch 2 into switch 1 but only if that traffic has come via switch 2 (i.e. no one has pulled the uplink out of switch 2 and has tried to connect something else to it, in which case the traffic should be discarded).
A couple of further complications: we use 802.1X authentication and we need to be able to apply this form of lockdown to two of the ports on switch 1.
The switch I'm trying to get this working on is a 2620 (J9625A)
Any suggestions?
Thanks,
NS
05-11-2016 07:02 PM
Re: Accept traffic via a specific mac address
Can you use Port-Security, set it to static, then enter the MAC address of the switch at the other end of the uplink?
HP literature tells you you can switch off auto-MDIX to protect yourself from this situation - but I don't rate this as a valid approach because it doesn't take a genius to get hold of a cross-over cable to defeat it.
If you have dot1x implemented, I don't see what the problem is? Doesn't that do all the filtering you need?
Could you use track port on Switch1 to monitor a port on Switch2, and if it goes down, disable the uplink port and send an alert so you know what's going on?
Also, your network monitoring should detect if an Access switch goes down anyway, which could make you suspicious.