Re: Implementing security with 2800's and 2600's
03-12-2008 02:17 PM
Thanks
03-12-2008 02:56 PM
Solution
IP lockdown: Available on Series 2600 and 2800 switches only, this feature enables restriction of incoming traffic on a port to a specific IP address/subnet, and denies all other traffic on that port.
You may need to update to a more recent version of firmware for this feature. Refer to the release notes on how to use it.
03-12-2008 04:33 PM
Re: Implementing security with 2800's and 2600's
Thanks!
03-13-2008 07:50 AM
Re: Implementing security with 2800's and 2600's
Reading up on this in the Access Security Guide leaves me a bit unsure how to proceed.
If for example my network was small and every resource existed on 192.168.100.0/24, would it be acceptable to change the scope to 192.168.0.129->254 and set up IP Lockdown to 192.168.0.128/25 as an example? If I understand how lockdown works, it only concerns itself with the IP and not subnet/broadcast address of the host?
Thanks!
03-13-2008 01:13 PM
Re: Implementing security with 2800's and 2600's
You could also look at dynamic IP lockdown, which works in conjunction with DHCP snooping. That way, when the client receives its address via DHCP, it gets locked to that particular address only. If a user tries to set a static address they will not get access to the network. The main advantage of this is that a regular user can move between ports on the switch and you'll still receive the maximum protection against any IP spoofing since it will be using a /32 bit mask internally to lock it to that port.
I think your /25 method should be sufficient for your requirements.
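
An added illustration, not part of the post above or of HP's firmware: a toy Python model contrasting the static /25 lockdown with dynamic /32 bindings learned from DHCP snooping. It assumes lockdown is a plain source-prefix match and that DHCP replies are honoured only when they arrive on a trusted port; the port numbers, leased address and all class and function names are constructed for the example.

```python
import ipaddress

class LockdownSwitch:
    """Toy model of per-port source-IP filtering (hypothetical, not ProCurve code)."""

    def __init__(self, trusted_ports):
        self.trusted = set(trusted_ports)  # ports allowed to carry DHCP server replies
        self.static = {}                   # port -> admin-configured permitted network
        self.leases = {}                   # port -> addresses bound from snooped ACKs

    def set_static(self, port, prefix):
        self.static[port] = ipaddress.ip_network(prefix)

    def snoop_ack(self, ingress_port, client_port, leased_ip):
        """Record a /32 binding only if the ACK arrived on a trusted port."""
        if ingress_port not in self.trusted:
            return False                   # server reply on an untrusted port is dropped
        self.leases.setdefault(client_port, set()).add(ipaddress.ip_address(leased_ip))
        return True

    def permits(self, port, src_ip):
        src = ipaddress.ip_address(src_ip)
        if port in self.leases:            # dynamic lockdown: exact /32 match
            return src in self.leases[port]
        if port in self.static:            # static lockdown: prefix match
            return src in self.static[port]
        return True                        # no lockdown configured on this port


def accepted_sources(switch, port, candidates):
    """Addresses from `candidates` that `port` would accept as a source."""
    return [ip for ip in candidates if switch.permits(port, ip)]


# Constructed sample: port 5 uses the thread's static /25, port 6 is dynamic.
sw = LockdownSwitch(trusted_ports={"25"})
sw.set_static("5", "192.168.0.128/25")
sw.snoop_ack("25", "6", "192.168.0.150")                 # ACK via the trusted uplink
REJECTED_ACK = sw.snoop_ack("7", "6", "192.168.0.200")   # ACK from an access port

PROBE = ["192.168.0.10", "192.168.0.128", "192.168.0.150",
         "192.168.0.200", "192.168.0.255"]
STATIC_OK = accepted_sources(sw, "5", PROBE)
DYNAMIC_OK = accepted_sources(sw, "6", PROBE)

if __name__ == "__main__":
    print("static /25 accepts :", STATIC_OK)
    print("dynamic /32 accepts:", DYNAMIC_OK)
```

Under this model the static /25 port accepts any source in the upper half of the subnet, so a host can still claim a neighbour's address within that range, while the dynamic port accepts only the address it was leased.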
03-13-2008 01:36 PM
Re: Implementing security with 2800's and 2600's
I would much prefer to use the Dynamic IP Lockdown feature, but I can only find reference to the static IP Lockdown in the Access Security Guide pdf.
Do you know where this is mentioned?
Thanks!
03-13-2008 03:34 PM
Re: Implementing security with 2800's and 2600's
http://www.hp.com/rnd/software/J49031043.htm
ftp://ftp.hp.com/pub/networking/software/2800-RelNotes-i1043-59906049.pdf
03-14-2008 07:13 AM
Re: Implementing security with 2800's and 2600's
In my scenario I have two 2650's chained with fiber and a 2824 trunked off two ports of the last 2650. This 2824 has the DHCP server connected to it via a trunked pair as well. If I trust the trunk that the DHCP server uses, how do I allow the two 2650's to see DHCP acknowledgments? Do I need to trust the two GBIC ports the 2650's use to connect?
Also, the docs suggest an 8 IP/port max memory. Am I correct in assuming this does not factor in when switches are chained/trunked together?
Thanks!
03-14-2008 02:05 PM
Re: Implementing security with 2800's and 2600's
Any resource maximums will be per switch.