HPE Community
Switches, Hubs, and Modems
1752800 Members
5641 Online
108789 Solutions
New Discussion юеВ

HP PROCURVE 2524 : HOW CAN I ASSIGN A UNIQUE MAC ADDRESS TO A PORT (and refuse others)

 
SOLVED
Go to solution
Terry_71
Occasional Contributor

тАО03-03-2004 05:22 AM

тАО03-03-2004 05:22 AM

HP PROCURVE 2524 : HOW CAN I ASSIGN A UNIQUE MAC ADDRESS TO A PORT (and refuse others)

Hello to all

Got a Procurve 2524.

Each day a POWERMAC G4 OS 9 (and others) on my LAN ,who as is own IP, acts as he was stealing the IP of another POWERMAC G4 OS 10.2 :
Suddenly on the screen of the Powermac G4 OS 10.2 appears a message saying "MAC address of the (POWERMAC G4 OS 9)as already IP (IP number of the POWERMAC G4 OS 10.2)"

.. POWERMAC G4 OS 9 stills has is own IP who didn't changed, but the MAC address mentionned is his MAC address !!!

Well I saw that HP PROCURVE can say me for each of his ports what MAC Addresses are using it in its mac-address table .... but I wanted to know if I could say : OK, port 1 I only autorize traffic from and to MAC ADDRESS XX:XX:XX:XX:XX:XX
Then port two I only authorize traffic from and to MAC ADDRESS YY:YY:YY:YY:YY:YY, then (etc ...)

Thanks in advance to who knows !

Have a nice day
Terry



0 Kudos
2 REPLIES 2
Ron Kinner
Honored Contributor

тАО03-03-2004 09:59 AM

тАО03-03-2004 09:59 AM

Solution

Re: HP PROCURVE 2524 : HOW CAN I ASSIGN A UNIQUE MAC ADDRESS TO A PORT (and refuse others)

From the Command Line you have to type for port 1:

port-security 1 learn-mode static address-limit 1 mac-address xxxxxx-xxxxxx action none

for port 2:

port-security 2 learn-mode static address-limit 1 mac-address yyyyyy-yyyyyy action none

and so on.

See Page 7-9 of the manual at:

ftp://ftp.hp.com/pub/networking/software/59692354.pdf

Via the Web interface see Page 7-21 for details but you just click on the Security tab and then on Port Security and change each port to Static learn mode then enter the maximum addresses a port should allow and the Mac addresses. You can also have it send you an SNMP message if you are set up to use them.

Either way you set it up it should not allow anyone but that MAC to operate on that port. It will not limit who he can talk to on other switch ports - for that you need VLANs or Isolated Port Groups (requires latest software see page 6 of:
ftp://ftp.hp.com/pub/networking/software/59903102-E2.pdf) Come to think of it, Isolated Port Groups might work for you if your users don't need to talk to each other but instead only talk to the internet or some servers.

Ron





Terry_71
Occasional Contributor

тАО03-03-2004 07:45 PM

тАО03-03-2004 07:45 PM

Re: HP PROCURVE 2524 : HOW CAN I ASSIGN A UNIQUE MAC ADDRESS TO A PORT (and refuse others)

Ok, I'll look at isolated ports too ...

Thanks Ron !

Have a nice day
Terry
0 Kudos
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.