Procurve MAC filtering

Geoff Galitz
Occasional Visitor

Hello.

HP ProCurve 2610
HP ProCurve 2650

We'd like to filter MAC addresses for access to a network across an entire switch. That is, we do not want to restrict MAC addresses to specific ports because we have users that regularly move around.

So far we have been unable to do this. If this is not possible, can anyone tell me what the maximum number of supported MAC addresses per port is? Do we have other options for this kind of filtering other than via the ProCurve switch?

Thanks.
3 REPLIES
cenk sasmaztin
Honored Contributor

Re: Procurve MAC filtering

The best way to do MAC filtering for users on a ProCurve switch (dynamic and with the best security):

802.1X MAC authentication

Each user's MAC address is identified on the network via a RADIUS server.

When a user connects to a switch port, an authentication request is sent; this request includes the user's MAC address. If the user sends the true MAC address to the RADIUS server, the RADIUS server responds with a confirmation packet to the switch and the user connects to the network.

Any user, on any switch, at any time, can do MAC authentication.
It is very flexible and very secure.

cenk

Javed Padinhakara
Respected Contributor

Re: Procurve MAC filtering

In addition to the excellent recommendation by Cenk above, you can also see if the "Port Security" feature available in 2610 and 2650 meets your need.

This would allow you to configure up to 8 MAC addresses per port that need to be authorized for access via that port.

Check out
http://ftp.hp.com/pub/networking/software/Security-Oct2005-59906024-Chap09-Port_Security.pdf
for details.

Hope that helps

Javed

PS: This being your first post to the forum, I thought I would share these guidelines as well:
http://66.34.90.71/ITRCForumsEtiquette/after.html
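
An added example, not part of any post in this thread and not HP or Dell code: a Python sketch of the switch-wide check the original post asks for, run over a constructed MAC address table. It also reports ports that hold more addresses than the 8-per-port port-security limit mentioned above. The function names, the table layout and all sample addresses are assumptions made for illustration.

```python
import re
from collections import defaultdict

PORT_SECURITY_LIMIT = 8  # per-port maximum quoted in the thread for the 2610/2650


def normalize_mac(text):
    """Reduce colon, dash or dot notation to 12 lowercase hex digits."""
    digits = re.sub(r"[-:.]", "", text.strip()).lower()
    if not re.fullmatch(r"[0-9a-f]{12}", digits):
        raise ValueError(f"not a MAC address: {text!r}")
    return digits


def audit(table_rows, allowlist):
    """Check (port, mac) rows against one allowlist that applies to every port.

    Returns (unauthorized, over_limit): the rows whose MAC is not allowed,
    and the ports that carry more MACs than port security could pin.
    """
    allowed = {normalize_mac(m) for m in allowlist}
    per_port = defaultdict(set)
    unauthorized = []
    for port, mac in table_rows:
        mac = normalize_mac(mac)
        per_port[port].add(mac)
        if mac not in allowed:  # same decision on every port, so users can roam
            unauthorized.append((port, mac))
    over_limit = sorted(p for p, macs in per_port.items()
                        if len(macs) > PORT_SECURITY_LIMIT)
    return unauthorized, over_limit


# Constructed sample data: the allowlist and the switch table use different notations.
ALLOWLIST = ["00:11:22:33:44:55", "00-11-22-33-44-66"] + [
    f"02:aa:bb:00:00:{i:02x}" for i in range(9)]
TABLE = [
    (3, "001122-334455"),   # roaming laptop seen on port 3 ...
    (17, "001122-334455"),  # ... and later on port 17
    (5, "0011ff-000001"),   # address that is not on the allowlist
] + [(24, f"02aabb-0000{i:02x}") for i in range(9)]  # nine hosts behind one port

if __name__ == "__main__":
    unauthorized, over_limit = audit(TABLE, ALLOWLIST)
    print("unauthorized:", unauthorized)
    print("ports over the per-port limit:", over_limit)
```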

Geoff Galitz
Occasional Visitor

Re: Procurve MAC filtering


Thanks for the answers, but unfortunately those solutions don't fit cleanly into the environment in question.

We ended up using a Dell switch which supports the specified behavior in the original post by using layer 2 ACLs.

It does appear that other Procurve models support layer 2 ACLs but we did not have any on-hand and we had the Dell already available in the rack.

The problem with the radius approach is that adding new components into the infrastructure is not desired as the on-site IT staff is limited in staff and know-how.

Thanks.