Switches, Hubs, and Modems

Re: 2510-24

 
cenk sasmaztin
Honored Contributor

Re: 2510-24

Configuring Protected Ports
There are situations where you want to provide internet access to users but
prevent them from accessing each other. To achieve this control, you can use
the protected-ports command. The command applies per-port, and filters the
outbound traffic from a port. This allows the configuration of two port groups
on a switch: protected ports and unprotected ports. The ports have these
characteristics:
- Traffic from protected ports is not forwarded to other protected ports.
- Protected ports can communicate with unprotected ports, but not
  with each other.
- Unprotected ports can communicate with all ports.
- The protected-ports command applies to logical ports (trunks as well
  as untrunked ports).
Figure 9-15. Example of Protected Ports Command for Ports 4 and 5
To display information about which ports have been configured as protected
ports, enter this command:
ProCurve(config)# show protected-ports
Syntax: [no] protected-ports
Prevents the selected ports from communicating with each
other.
Default: All ports unprotected.
no protected-ports all
Clears the protection from all ports; all ports can now communicate
with each other
---------------------------------------------
ProCurve(config)# protected-ports 4-5
---------------------------------------------
cenk

Alessandro_78
Regular Advisor

Re: 2510-24

Ok.
So, if port 25 is connected to the internet (uplink), port 10 is the database server, and ports 1, 2 and 3 are web servers, I can do the following:

port 1 unprotected
port 2 unprotected
port 3 unprotected

port 10 protected

port 25 protected

Doing so, ports 1, 2 and 3 can communicate with all ports, port 10 can't communicate with port 25, and it will not have internet access.

Port 25 can't communicate with port 10, so from the Internet I can't access the database server.

Is this true?
cenk sasmaztin
Honored Contributor

Re: 2510-24

Yes, Alessandro.

Protect your server port:

(config)# protected-ports 10

All other ports unprotected.

Good luck.
cenk

cenk sasmaztin
Honored Contributor

Re: 2510-24

No, port 25 should be unprotected if port 25 is the connection to the internet router.

Please use the protect command only on port 10.


cenk
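
The forwarding rule quoted from the manual earlier in this thread, modelled as an added example (not part of the original posts and not HP/ProCurve code). It evaluates the two port layouts discussed above against the isolation goal stated in the question; the port roles come from the thread, and the function names are hypothetical.

```python
# Added example: model of the quoted rule "traffic from protected ports is
# not forwarded to other protected ports". Function names are hypothetical.

def can_forward(src, dst, protected):
    """Traffic is dropped only when BOTH ports are in the protected set."""
    if src == dst:
        return False
    return not (src in protected and dst in protected)

def blocked_pairs(ports, protected):
    """Sorted unordered port pairs that cannot exchange traffic."""
    return sorted(
        (a, b) for a in ports for b in ports
        if a < b and not can_forward(a, b, protected)
    )

def check_policy(protected, must_block, must_allow):
    """Return a list of mismatches between a layout and the intended policy."""
    problems = []
    for a, b in must_block:
        if can_forward(a, b, protected):
            problems.append(f"{a}<->{b} should be blocked but is forwarded")
    for a, b in must_allow:
        if not can_forward(a, b, protected):
            problems.append(f"{a}<->{b} should be allowed but is blocked")
    return problems

# Port roles from the thread: 1-3 web servers, 10 database, 25 uplink.
PORTS = [1, 2, 3, 10, 25]
MUST_BLOCK = [(10, 25)]  # goal in the question: database isolated from uplink
MUST_ALLOW = [(w, p) for w in (1, 2, 3) for p in (10, 25)]

# The two layouts proposed in the thread (sets of protected ports).
LAYOUTS = {
    "ports 10 and 25 protected": {10, 25},
    "only port 10 protected": {10},
}

if __name__ == "__main__":
    for name, protected in LAYOUTS.items():
        print(name)
        print("  blocked pairs:", blocked_pairs(PORTS, protected))
        issues = check_policy(protected, MUST_BLOCK, MUST_ALLOW)
        for line in issues or ["policy satisfied"]:
            print("  ", line)
```

The model covers only switch-level forwarding between ports; a host on an unprotected port can still reach every port, so traffic relayed through such a host is outside what this check shows.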

Alessandro_78
Regular Advisor

Re: 2510-24

Thanks for the reply.
Are there any security issues with this setup?
Are VLANs more secure than protected ports?