
preventing installation of other switches

Giovanni Trapasso_1
Frequent Advisor

Is there a setting on the HP ProCurve switches, primarily the HP ProCurve 2524 and the 2810 series, to stop someone from connecting other switches to our infrastructure? I want to stop people from connecting Linksys-type switches to the network port in their offices, but I don't want to limit the number of computers that connect to that network port.

Thanks
13 REPLIES
cenk sasmaztin
Honored Contributor

Re: preventing installation of other switches

You can use port security with this command:

sw1(config)# port-security 1-10 learn-mode static address-limit 1 action send-disable

The port-security feature is for security.

Each port connects only one MAC address (or, if you want, between 1 and 32 MAC addresses).

The above command is for only one MAC address connection on each port.

* learn-mode automatically writes the MAC address on the port; therefore check that all port connections are company PCs only

* address-limit 1: only one address connects on the port

* action send-disable: if multiple machines or an unauthorized MAC connect on a port, the port goes to the disabled state

Don't write this command for the uplink port.
cenk

Giovanni Trapasso_1
Frequent Advisor

Re: preventing installation of other switches

Thanks, but as my original message states, I don't want to limit the number of computers that connect to it. So port security is a no.

I was thinking to disable the auto-mdix, but the cheap Linksys switches support auto-mdix so it wouldn't matter.
cenk sasmaztin
Honored Contributor

Re: preventing installation of other switches

No, it is impossible to disable mdix mode;
you can only change the status.

sw1(eth-1)# mdix-mode
mdi Configures port for connecting a PC with a crossover cable
mdix Configures port for connecting a PC with a straight-through cable
automdix Configures port for automatic detection of the cable
sw1(eth-1)# no mdix-mode
Invalid input: mdix-mode

cenk

Giovanni Trapasso_1
Frequent Advisor

Re: preventing installation of other switches

On the ProCurve 2524 it is a global switch setting:
auto-mdix Enable/disable auto-mdix mode for all ports

On the ProCurve 2810 switch it can be done per port:

(eth-5)# mdix-mode
mdi - Configures port for connecting a PC with a crossover cable
mdix - Configures port for connecting a PC with a straight-through cable
automdix - Configures port for automatic detection of the cable
cenk sasmaztin
Honored Contributor

Re: preventing installation of other switches

Maybe it will be useful,

but today all manufacturers support the MDI-X protocol.

For example:
http://www.directron.com/sd208.html

Linksys 8-Port 10/100 Switch SD208, up to 200Mbps (Full-duplex Mode), w/ Auto MDI/MDI-X Crossover Detection.

As for me, disabling mdix is not a solution.

cenk

cenk sasmaztin
Honored Contributor

Re: preventing installation of other switches

You can disable mdix on the ProCurve.

The cheap switch sets its own mdix status and after all connects to the ProCurve switch.

On the 2524, disabling mdix means all ports turn to mdix-only mode:

configures port for connecting a PC with a straight-through cable

A crossover cable connection will not work on the port.
cenk

cenk sasmaztin
Honored Contributor

Re: preventing installation of other switches

I don't have a 2524 switch; if you want, make a test.
cenk

Giovanni Trapasso_1
Frequent Advisor

Re: preventing installation of other switches

I have tested this on both 2524 and 2810 ProCurve switches. I disabled the auto-mdix and connected a Linksys switch, but the link still came up because the Linksys switch has auto-mdix, so the link came up.
Pieter 't Hart
Honored Contributor

Re: preventing installation of other switches

>>> So port security is a no <<<

You can use port security to limit the allowed MAC addresses active at a port at a given time, but allow other MAC addresses to be learned after a given timeout.

So it's no problem when computers are exchanged (as long as this takes longer than the timeout, let's say 2-5 min.),
but it blocks multiple MAC addresses at the same time in case a hub or switch is connected.
Pieter 't Hart
Honored Contributor

Re: preventing installation of other switches

Looking at ftp://ftp.hp.com/pub/networking/software/2810-Security-July2007-59914734.pdf

port-security < port-list > learn-mode continuous address-limit 1

will keep 1 MAC address active for the "MAC Age Interval".
The default for MAC Age Interval seems to be 300 seconds.

I think this gives the result you need?

Pieter
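
An audit sketch related to the port-security suggestions in this thread, added here as an example and not posted by any participant: before an address limit is applied, it lists the non-uplink ports that currently hold more MAC addresses than that limit, which is how a downstream hub or switch appears from the switch's side. The table text is a constructed sample and its two-column layout is an assumption; adapt the regex to the actual output of your switch.

```python
import re
from collections import defaultdict

# Constructed sample of a switch MAC address table. The layout
# (one "MAC  port" pair per row) is an assumption, not captured output.
SAMPLE_TABLE = """\
  MAC Address   Located on Port
  ------------- ---------------
  001122-aabb01 1
  001122-aabb02 2
  001122-aabb03 2
  001122-aabb04 2
  001122-aabb05 3
  001122-aabb06 24
  001122-aabb07 24
  001122-aabb08 24
"""

# Matches rows such as "001122-aabb01 1"; header and ruler lines do not match.
ROW = re.compile(r"^\s*([0-9a-f]{6}-[0-9a-f]{6})\s+(\S+)\s*$", re.IGNORECASE)

def macs_per_port(table_text):
    """Return {port: set of MAC addresses currently learned on it}."""
    ports = defaultdict(set)
    for line in table_text.splitlines():
        m = ROW.match(line)
        if m:
            ports[m.group(2)].add(m.group(1).lower())
    return ports

def ports_over_limit(table_text, address_limit=1, uplinks=()):
    """Ports (uplinks excluded) holding more MACs than address_limit."""
    over = {}
    for port, macs in macs_per_port(table_text).items():
        if port in uplinks:
            continue  # uplinks legitimately carry many MAC addresses
        if len(macs) > address_limit:
            over[port] = sorted(macs)
    return over

if __name__ == "__main__":
    # Port 24 is treated as the uplink in this constructed sample.
    for port, macs in sorted(ports_over_limit(SAMPLE_TABLE, 1, {"24"}).items()):
        print(f"port {port}: {len(macs)} MACs -> {', '.join(macs)}")
```

Ports reported here would be disabled or filtered as soon as a limit of that size is enforced, so the list doubles as a check of which offices to visit first.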
Giovanni Trapasso_1
Frequent Advisor

Re: preventing installation of other switches

Issue closed
Pieter 't Hart
Honored Contributor

Re: preventing installation of other switches

So which post gave you info about your question?
cenk sasmaztin
Honored Contributor

Re: preventing installation of other switches

You are welcome, Giovanni
cenk