Email Subscription Notifications Suspended Temporarily
We are in the process of making navigation in the Servers and Operating Systems forums simpler and more direct. While doing this, we have to temporarily suspend email notifications for subscriptions. If you are subscribed to one or more discussion boards or blogs in the community, please check them daily to see new content. Notifications will be turned back on in a few days. We apologize for any inconvenience this may cause. Thanks, Warren_Admin
Security e-Series
Showing results for 
Search instead for 
Did you mean: 

HP Procurve 2610 Port Security

Occasional Visitor

HP Procurve 2610 Port Security



I've a question regarding the port security function on the HP Procurve 2610 switches. I wish to enable this but I'm not sure if it works in conjunction with IP Phones. They connect to these, which in turn are connected to terminals.


Is it true that when port security is applied, the port on the switch will check the MAC Address of the IP Phone. If it's authorized, a connection will be allowed? Will the terminals also be allowed/blocked depending on if the IP Phones are allowed/blocked by the switch?


If not, and you know of a better solution please advise. I'm looking for a decent way to make the network secure against unwanted devices.




Occasional Visitor

Re: HP Procurve 2610 Port Security



Typically port-security is used to tie specific MAC addresses to specific ports.  For example you might want the phone with MAC address 000000-000001 to only be allowed on port A1 and only port A1.  The phone would be the only device allowed to ingress packets on port A1 and it wouldn't be allowed if it was moved to another port.


It sounds like you are also connecting PCs to the phones.  The PCs won't be allowed just because the phone is allowed.  The PC's MAC address will also have to be configured in port-security just like the phone.


port-security a1 learn-mode configured
port-security a1 address-limit 2 port-security a1 mac-address 000000-000001 # phone's MAC addr port-security a1 mac-address 000000-000002 # pc's MAC addr

The example above would allow the two devices with the given MAC addresses to connect to port A1.


If you are deploying an environment where you want to authenticate the devices but not necessarily tie them to a specific port you may consider using a RADIUS server and mac-based authentication.  Also, 802.1x is another option if your phones and PCs support it.  Most recent phones and PCs will have not problem.


Are you familiar with RADIUS?