- Community Home
- >
- Networking
- >
- Switching and Routing
- >
- Aruba & ProVision-based
- >
- Re: ProCurve 2610 MAC Lockdown
Categories
Company
Local Language
Forums
Discussions
Forums
- Data Protection and Retention
- Entry Storage Systems
- Legacy
- Midrange and Enterprise Storage
- Storage Networking
- HPE Nimble Storage
Discussions
Discussions
Discussions
Forums
Discussions
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
- BladeSystem Infrastructure and Application Solutions
- Appliance Servers
- Alpha Servers
- BackOffice Products
- Internet Products
- HPE 9000 and HPE e3000 Servers
- Networking
- Netservers
- Secure OS Software for Linux
- Server Management (Insight Manager 7)
- Windows Server 2003
- Operating System - Tru64 Unix
- ProLiant Deployment and Provisioning
- Linux-Based Community / Regional
- Microsoft System Center Integration
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Community
Resources
Forums
Blogs
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
07-21-2009 08:16 AM
07-21-2009 08:16 AM
Thanks.
Solved! Go to Solution.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
07-21-2009 09:40 AM
07-21-2009 09:40 AM
Solutionif you want make this operation you can use 3 way
1-classic mac lockdown with static-mac commad
edgeswitch(config)# static-mac
MAC-ADDR Enter MAC address for the 'static-mac'
command/parameter.
edgeswitch(config)# static-mac (mac-address)
you can write each port one by one authorized mac address
very exhaustive
2-learning switch with one commad all mac address on port with port security
edgeswitch(config)# port-security 1-23 address-limit 1 learn-mode static action
send-disable
with this command all port learn dynamically each mac address on port and only one mac address permision and if connect any other mac address on port port turn disable status
3-802.1x mac authentication
very secure and very flexible
802.1x operation running with radius server
any client connect any port with mac authentication
if connect request authorized mac address radius server approve connection on switch port
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
07-21-2009 10:00 AM
07-21-2009 10:00 AM
Re: ProCurve 2610 MAC Lockdown
This is a little different question, but are you able to configure a specific port to only allow internet connection and no network access? Would that have to be a seperate VLAN?
Thanks again for your help.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
07-21-2009 10:38 AM
07-21-2009 10:38 AM
Re: ProCurve 2610 MAC Lockdown
if use only two procurve switch
I recomended you must make option 2
so
2-learning switch with one commad all mac address on port with port security
edgeswitch(config)# port-security 1-23 address-limit 1 learn-mode static action
send-disable
with this command all port learn dynamically each mac address on port and only one mac address permision and if connect any other mac address on port port turn disable status
very easy command
please test your 2610-24 switch
(config)# port-security 1-23 address-limit 1 learn-mode static action send-disable
switch learn dynamically at the moment connection mac address on port and this mac address sensible authorized mac address
if connect any other mac address on this port port is trun disable state
you must be turn port enable state with manuel command
(eth-13)# enable
in this way unauthorized pc unable connect your switch
important note:on uplink port (switch to switch ) don't port security config
your questions
yes it is possible
each port able sperate other port with
source port filter command
no need vlan
config)# filter source-port 1 drop 2-23
with this command port 1 between port 2 to 23 connection drop port 1 permit connection only interface 24 if you connect interface 24 internet router port 1 user only comminication internet router unable connection other pc
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
07-21-2009 11:28 AM
07-21-2009 11:28 AM
Re: ProCurve 2610 MAC Lockdown
Thanks again.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
05-25-2016 08:51 PM
05-25-2016 08:51 PM
Re: ProCurve 2610 MAC Lockdown
Sir Cenk can i use both ? Mac Lockdown and DHCP Snooping?