
Re: ProCurve 2650 for classic housing environment

 
Nico_24
Occasional Advisor

ProCurve 2650 for classic housing environment

Hi all,

we are currently planning a small "classic" housing location. Therefore we are thinking about the typical security problems, e.g. ARP/MAC spoofing, DHCP server, IP allocation...
The ProCurve 2600 series sounds really interesting for our purpose, but there are still some questions unanswered for me:

- Usually, up to 4 IP addresses will be assigned to one server. They are taken from a /24 subnet. Is it possible with the 2600 series switches to put each network port in its own VLAN with routing capabilities between all ports? There is one uplink for all ports and no layer 3 device on the next level - especially no 802.1q capable device.
- Is it possible to have only one DHCP server running for all ports without worrying about a possibly running dhcpd from a customer? I guess this will work with VLANs, but maybe there is another solution.
- Is there a really good way to make sure that customer A on Port1 only uses those 4 IPs he was given by us? Since the switch is a layer 3 device, I hope there is a built-in solution.

Thanks for your answers in advance!

Regards,
Nico
Nico_24
Occasional Advisor

Re: ProCurve 2650 for classic housing environment

Does none of you know an answer? How do you solve the ARP spoofing problem? How do you make sure that no other server with a running dhcpd interferes with your network?

Regards,
Nico
Victor_68
Advisor

Re: ProCurve 2650 for classic housing environment

Hi,

I am not sure this is what you are looking for...
To ensure that the individual ports only receive traffic from the uplink and not from each other, there is a feature called source port filtering. It is easily used in hotels or apartment buildings to make sure that no traffic goes from one customer to another.

Cheers
Victor


Nico_24
Occasional Advisor

Re: ProCurve 2650 for classic housing environment

Hi,

thanks for your answer. Actually I want Customer A to be able to communicate with Customer B. But I'd prefer a different solution than using arpwatch to make sure nobody is trying to catch foreign traffic.
Let's for example say I have a /24 subnet, e.g. 192.168.0.0/24. I have 3 customers on a 2600 series switch, each with 4 IP-addresses like that:

- Customer A: 192.168.0.1 to 192.168.0.4
- Customer B: 192.168.0.5 to 192.168.0.8
- Customer C: 192.168.0.9 to 192.168.0.12

They are using Port1, 2 and 3. Port 25 is my uplink port. Each port from 1 to 24 has its own VLAN. In this setup, Customer A would not be able to communicate with Customer B, not even through the uplink. I am not even sure if this setup works if I do not have an 802.1q capable device where my uplink is connected. I hope some of you can help.

Thanks & regards,
Nico
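
The allocation in the post above, turned into a monitoring check (an added example, not part of the thread and not a ProCurve feature): it audits observed (port, MAC, IP) sightings against the per-port ranges and flags addresses used on the wrong port or claimed by more than one MAC. It assumes the sightings are collected separately, for instance from the switch's address tables or from captured ARP traffic; all names and the sample data are constructed for illustration.

```python
import ipaddress
from collections import defaultdict

SUBNET = ipaddress.ip_network("192.168.0.0/24")
UPLINK_PORT = 25
# Allocation from the post: port -> (first IP, last IP), inclusive.
ALLOCATION = {
    1: ("192.168.0.1", "192.168.0.4"),    # Customer A
    2: ("192.168.0.5", "192.168.0.8"),    # Customer B
    3: ("192.168.0.9", "192.168.0.12"),   # Customer C
}

def allowed(port, ip):
    """True if ip lies inside the range allocated to this access port."""
    if port not in ALLOCATION:
        return False
    first, last = (ipaddress.ip_address(a) for a in ALLOCATION[port])
    return first <= ip <= last

def audit(observations):
    """Return sorted (port, ip, reason) findings for (port, mac, ip) sightings."""
    findings = set()
    macs_by_ip = defaultdict(set)
    for port, mac, ip_text in observations:
        if port == UPLINK_PORT:
            continue  # the uplink legitimately carries foreign addresses
        ip = ipaddress.ip_address(ip_text)
        macs_by_ip[ip].add((port, mac.lower()))
        if ip not in SUBNET:
            findings.add((port, ip_text, "outside subnet"))
        elif not allowed(port, ip):
            findings.add((port, ip_text, "not allocated to this port"))
    for ip, claims in macs_by_ip.items():
        if len({mac for _, mac in claims}) > 1:  # one IP, several MACs
            for port, _ in claims:
                findings.add((port, str(ip), "claimed by multiple MACs"))
    return sorted(findings)

# Constructed sample sightings (port, MAC, IP); not real capture data.
SAMPLE = [
    (1, "00:00:5e:00:53:01", "192.168.0.1"),
    (2, "00:00:5e:00:53:02", "192.168.0.5"),
    (3, "00:00:5e:00:53:03", "192.168.0.9"),
    (3, "00:00:5e:00:53:03", "192.168.0.5"),   # port 3 using B's address
    (1, "00:00:5e:00:53:01", "10.0.0.7"),      # address outside the /24
    (25, "00:00:5e:00:53:fe", "192.168.0.254"),
]

print(*audit(SAMPLE), sep="\n")
```

This only reports violations after the fact; it does not stop a customer from using a foreign address the way a switch-side control would.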