Promiscuous Ports on 2824
04-28-2007 03:47 PM
There is another 2824 directly connected to this switch and it doesn't show "promiscuous".
Other 2824's in other parts of our network don't show "promiscuous". There is nothing evident in the configs to show port mirroring/monitoring etc. The configs are very small and easy to compare and I can't see why the switch is "different".
Can anyone suggest why this switch is indicating Promiscuous mode?
Kevin
04-29-2007 01:29 AM
Re: Promiscuous Ports on 2824
If you can't find out this information, then I'd factory reset the switch using the clear and reset button combination, and re-enter the configuration.
Although I don't know exactly what it could be, it's possible that some other SNMP application made some changes via SNMP that enabled this 'promiscuous mode' which would not be reflected in the running-config.
What you could do on the switch is run the following command and capture the output via TFTP:
copy command-output "walkmib 1" tftp <ip-address> <filename>
Run the same command on the other 2824, and then using ExamDiff compare the difference of the two files.
ExamDiff: http://www.prestosoft.com/edp_examdiff.asp
You should then be able to see all the differences between the two switches including changes that may have been made via SNMP.
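An added example, not part of the original post: one way to do the comparison suggested above in Python rather than ExamDiff, skipping counters that always differ so that real differences stand out. It assumes each capture holds one `name.index = value` pair per line (an assumption about the walkmib output format); the two sample captures and the ignore list are constructed for illustration.

```python
import re

# Assumed capture format: one "name.index = value" pair per line.
LINE = re.compile(r"^\s*([A-Za-z][\w-]*(?:\.\d+)+)\s*=\s*(.*?)\s*$")

# Standard MIB-II / IF-MIB objects that change constantly; differences
# here are expected and would bury the interesting ones.
VOLATILE = ("sysUpTime", "ifInOctets", "ifOutOctets", "ifLastChange")

def parse_walk(text):
    """Return {object instance: value} for every parsable line."""
    objs = {}
    for line in text.splitlines():
        m = LINE.match(line)
        if m:
            objs[m.group(1)] = m.group(2)
    return objs

def sort_key(key):
    # Numeric index ordering, so ifAdminStatus.10 sorts after ifAdminStatus.2.
    name, *idx = key.split(".")
    return (name, [int(i) for i in idx])

def diff_walks(suspect, baseline, ignore=VOLATILE):
    """List (instance, suspect value, baseline value) where the two differ.
    A value of None means the instance is missing from that capture."""
    a, b = parse_walk(suspect), parse_walk(baseline)
    out = []
    for key in sorted(set(a) | set(b), key=sort_key):
        if key.split(".", 1)[0] in ignore:
            continue
        if a.get(key) != b.get(key):
            out.append((key, a.get(key), b.get(key)))
    return out

# Constructed sample captures (not real switch output).
SUSPECT = """sysUpTime.0 = 81234567
sysName.0 = farm-sw1
ifAdminStatus.2 = 1
ifAdminStatus.10 = 2
ifPromiscuousMode.1 = 1
ifAlias.3 = uplink
ifInOctets.1 = 99887766"""
BASELINE = """sysUpTime.0 = 1200345
sysName.0 = farm-sw2
ifAdminStatus.2 = 1
ifAdminStatus.10 = 1
ifPromiscuousMode.1 = 1
ifInOctets.1 = 5544"""

if __name__ == "__main__":
    for name, mine, theirs in diff_walks(SUSPECT, BASELINE):
        print(f"{name}: suspect={mine!r} baseline={theirs!r}")
```

Identity objects such as sysName will always differ between two units; what matters is whatever remains once those are accounted for.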
04-29-2007 04:30 AM
Re: Promiscuous Ports on 2824
This particular switch is in a server farm that is in the middle of a large NT to W2K3 migration so I'm not sure I will be allowed to do anything to it at the moment.
Other reading on the net suggests that a sniffing/analyzer application is running somewhere. It mentions that applications are able to turn on "promiscuous mode". This was generally on NICs on servers, but is this also possible for HP switches?
As far as I can tell there is no command in HP to turn this mode on. Are you suggesting that an SNMP command could enable this mode?
That would indicate somewhat of a security issue and it would be good to know how to prevent/control this. With all ports in promiscuous mode the switch is now essentially a hub.
I definitely want to try your suggestion (sounds like good investigative fun) but I am constrained by the migration at the moment. In the meanwhile can you (or anyone else out there) provide an example of an application or simple SNMP command that could put this switch in promiscuous mode?
I may be able to mock this up in our lab. If I can put a lab 2824 into promiscuous mode this would certainly be a good indication.
Thanks for your insight!
Hopefully we can learn more from this.
Kevin
04-29-2007 12:16 PM
Solution
ifPromiscuousMode OBJECT-TYPE
    SYNTAX      TruthValue
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "This object has a value of false(2) if this interface only
        accepts packets/frames that are addressed to this station.
        This object has a value of true(1) when the station accepts
        all packets/frames transmitted on the media. The value
        true(1) is only legal on certain types of media. If legal,
        setting this object to a value of true(1) may require the
        interface to be reset before becoming effective.

        The value of ifPromiscuousMode does not affect the reception
        of broadcast and multicast packets/frames by the interface."
So on the switch, type in 'walkmib ifPromiscuousMode' and see what it returns. The physical ports should return 1 by default; the VLAN interfaces will return 2.
04-29-2007 01:28 PM
Re: Promiscuous Ports on 2824
*****
Is the other 2824 switch being probed using SNMPv1? The application only checks the "ifPromiscuousMode" variable when probing a device with SNMPv2c or SNMPv3, so you will never see the promiscuous mode warning when probing with SNMPv1.
ifPromiscuousMode "has a value of true(1) when the station accepts all packets/frames transmitted on the media."
For the interfaces on a switch, this is the normal mode of operation. A switch needs to receive all packets on its interfaces so it can forward them if necessary. For interfaces on a server or router, an interface would only be in promiscuous mode if it was running packet sniffing software.
> Being in red must mean that the application wants me to be aware.
I have filed an ER to have this removed when the device is known to be a switch. It's normal for a switch to have interfaces in promiscuous mode.
*****
So what's different between yours and theirs (I think) is that you say that "false" is the normal mode but they say "true" is the normal mode.
I think they got it backwards as after checking other switches (Cisco, etc) anything using the SNMP v2 probe has the same warning.
I would need someone else using an application that checks for this to say if it also finds this mode active on switches.
I would have to convince the application guys that they may have it wrong.
Thanks again, I think we're closing in on it.
Kevin