- Community Home
- >
- Networking
- >
- Legacy
- >
- Switches, Hubs, Modems
- >
- automating mac lockout
Categories
Company
Local Language
Forums
Discussions
Forums
- Data Protection and Retention
- Entry Storage Systems
- Legacy
- Midrange and Enterprise Storage
- Storage Networking
- HPE Nimble Storage
Discussions
Discussions
Discussions
Forums
Forums
Discussions
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
- BladeSystem Infrastructure and Application Solutions
- Appliance Servers
- Alpha Servers
- BackOffice Products
- Internet Products
- HPE 9000 and HPE e3000 Servers
- Networking
- Netservers
- Secure OS Software for Linux
- Server Management (Insight Manager 7)
- Windows Server 2003
- Operating System - Tru64 Unix
- ProLiant Deployment and Provisioning
- Linux-Based Community / Regional
- Microsoft System Center Integration
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Community
Resources
Forums
Blogs
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО11-07-2009 09:52 AM
тАО11-07-2009 09:52 AM
Solved! Go to Solution.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО11-09-2009 12:30 AM
тАО11-09-2009 12:30 AM
Re: automating mac lockout
You can test by downloading the 60 day trial from the procurve website.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО11-09-2009 06:27 AM
тАО11-09-2009 06:27 AM
Re: automating mac lockout
I have looked at the events entry but do not see anything that records the mac address of a device connecting to a switch. Is there a log file that shows more detailed information?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО11-09-2009 04:49 PM
тАО11-09-2009 04:49 PM
Re: automating mac lockout
So in the case of NIM 2.0, you have several triggers like NBAD (Network Behavior Anomaly Detection), external IPS/IDS, or other applications which can be used to perform actions like Mac-lockout, rate limiting or configuring vlans.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО11-09-2009 08:26 PM
тАО11-09-2009 08:26 PM
Re: automating mac lockout
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО11-10-2009 04:28 PM
тАО11-10-2009 04:28 PM
Re: automating mac lockout
Reading: http://h40060.www4.hp.com/procurve/uk/en/pdfs/application-notes/AN-S16_ProCurve-NIM-policy-mgmt-final-093008.pdf
http://www.procurve.com/NR/rdonlyres/4C3E6B65-86EA-4436-AEED-ADCF4AA75EBB/0/NetworkImmunityManagerEventInterpretationTechBrief_Dec_07_WW_Eng_A4.pdf?jumpid=reg_R1002_USEN
If you clarify what your goal is, then we can search for a solution.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО11-11-2009 06:28 AM
тАО11-11-2009 06:28 AM
Re: automating mac lockout
or, be able to automatically enable a port in a specified time period after the number of devices that can attach to a port has been exceeded.
Similar to specifying the number of devices that can attach to a switch port before an action is taken. Problem with this approach is I have to manually remove the flag and enable the port.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО11-11-2009 12:05 PM
тАО11-11-2009 12:05 PM
Solutionansw: at the moment a little complicated to create, but it should be possible in the future with a new enhanced scripting engine in PCM3. For now you can manual enable and disable mac lockout.
or, be able to automatically enable a port in a specified time period after the number of devices that can attach to a port has been exceeded.
answ: maybe port security can help with a continous learnmode of a number of max clients
switch (config)# port-security 1 address-limit 8 learnmode limited continuous
The 9th client will be disabled.
Similar to specifying the number of devices that can attach to a switch port before an action is taken. Problem with this approach is I have to manually remove the flag and enable the port.
answ: see response to your 2nd question
Maybe another idea is to use mac authentication. In this case only registered mac adresses are allowed and unwanted mac adresses can be moved to a policy with less bandwith and/or restricted resource availability. Like internet only. unknown adresses are handled in a separate part of the network or not granted for access.
Sietze
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО11-11-2009 12:38 PM
тАО11-11-2009 12:38 PM