HPE Community
Switches, Hubs, and Modems
1833762 Members
2703 Online
110063 Solutions
New Discussion

Blocking TCP/IP Ports with ProCurve Manager

 
Phil Barnett
Occasional Advisor

‎06-16-2010 03:04 AM

‎06-16-2010 03:04 AM

Blocking TCP/IP Ports with ProCurve Manager

Hi there

We have just upgraded our network with a HP 5406ZL as our Core switch with edge switches consisting of the 2510 and 2520 range. We were told when we ordered all of the kit that the switches and ProCurve Manager would allow us to block certain ports from being used, e.g the ports that iTunes uses.

We have been told by someone from the same company that you can't limit the ports in this way and we can't find the options because we have a severe lack of knowledge with ProCurve Manager.


Could anyone shine some light on this?
0 Kudos
5 REPLIES 5
Mohammed Faiz
Honored Contributor

‎06-16-2010 05:26 AM

‎06-16-2010 05:26 AM

Re: Blocking TCP/IP Ports with ProCurve Manager

Hi,

There's no functionality within PCM that would do that for you that I'm aware of (I'm sure someone else on the forum can confirm/correct this).
The only method that'd you would have to do this would be to create ACLs for the various vlans that you want to restrict traffic on. You could then use PCM to push these ACLs out to the switches but it wouldn't write them for you.
0 Kudos
Phil Barnett
Occasional Advisor

‎06-16-2010 11:16 PM

‎06-16-2010 11:16 PM

Re: Blocking TCP/IP Ports with ProCurve Manager

Thanks for the response, would an ACL be able to limit traffic to a particular application on a VLAN? I don't know much on ACLs.


Thanks again
0 Kudos
Javed Padinhakara
Respected Contributor

‎06-17-2010 01:25 AM

‎06-17-2010 01:25 AM

Re: Blocking TCP/IP Ports with ProCurve Manager

As Faiz says, there is no direct way to address this.

However, there is a feature in PCM, where you can create a policy to turn off/on a port(or group of ports), based on criteria's like
- generation of particular event
- scheduled to execute in a periodic manner.

Leveraging this, possibly we could meet your requirement to some extent by determining if the end-user connected to the port exibits certain behaviour which would cause an event to be generated at switch ( and PCM being a trap-listener would get notified ). Once such an event happens, you could configure the Port on/off policy ("Portsettings:Enable/Disable Port) to turn off the required port(s).


Check the admin Guide @
http://cdn.procurve.com/training/Manuals/PCM-AdminGuide-Jan2010-5990-8850.pdf

for various features, especially the section on Policy Manager.


HTH
Javed

ps:-Noticed that you have joined recently and hence thought will share an important the ettique followed in the forum - assign points on scale (1-10) to people trying to help; its an appreciation for the time they spend in responding to your questions
0 Kudos
Mohammed Faiz
Honored Contributor

‎06-17-2010 06:22 AM

‎06-17-2010 06:22 AM

Re: Blocking TCP/IP Ports with ProCurve Manager

An ACL would allow you to limit traffic on a port (and in certain very specific cases, protocol) basis.
So for example here's a line from an ACL that allows DNS traffic from a particular server:

permit udp 0.0.0.0 255.255.255.255 192.168.10.10 0.0.0.0 eq 53

Check out the chapter on ACLs in the manual, it'll explain them much better than I can :)

http://cdn.procurve.com/training/Manuals/3500-5400-6200-6600-8200-ASG-Mar10-10-ACLs.pdf
0 Kudos
Phil Barnett
Occasional Advisor

‎06-24-2010 01:18 AM

‎06-24-2010 01:18 AM

Re: Blocking TCP/IP Ports with ProCurve Manager

Thanks for all the responses, from what I've been reading in the manual and looking at on the switches I can only apply an ACL to a port on the 5400 which will edit traffic going through that port. As the 2520 don't have ACL natively I'm guessing that you can't push an ACL onto the individual ports of the 2520?



Thanks
0 Kudos
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.