  • 1.  Procurve MAC filtering

    Posted Jul 16, 2009 07:34 AM
    Hello.

    HP ProCurve 2610
    HP ProCurve 2650

    We'd like to filter MAC addresses for access to a network across an entire switch. That is, we do not want to restrict MAC addresses to specific ports because we have users that regularly move around.

    So far we have been unable to do this. If this is not possible, can anyone tell me what the maximum number of supported MAC addresses per port is? Do we have other options for this kind of filtering other than via the ProCurve switch?

    Thanks.


  • 2.  RE: Procurve MAC filtering

    Posted Jul 16, 2009 09:24 AM
    The best way to do MAC filtering for users on a ProCurve switch (dynamically and with the best security):

    802.1x MAC authentication

    Each user is identified by MAC address on the network via a RADIUS server.

    When a user connects to a switch port, an authentication request is sent; this request includes the user's MAC address. If the user sends the correct MAC address to the RADIUS server, the RADIUS server responds with a confirmation packet to the switch and the user connects to the network.

    Any user, any switch, and any time can use MAC authentication.
    Very flexible and very secure.
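
As an added example (not part of the original thread): a Python helper for maintaining the central MAC list that the RADIUS approach in the reply above depends on. It assumes a FreeRADIUS-style `users` file and that the switch submits the client MAC as both user name and password in lowercase, undelimited form; the sample inventory and its addresses are constructed.

```python
import re

# Assumption: the switch sends the client MAC as both User-Name and
# User-Password, as 12 lowercase hex digits with no delimiters. Check the
# switch's MAC-auth address format and adjust normalize_mac() to match.
SAMPLE = """\
02:00:00:AA:BB:01  laptop-01
020000-aabb02      laptop-02
0200.00aa.bb03     printer
02-00-00-AA-BB-01  laptop-01 again
ff:ff:ff:ff:ff:ff  broadcast
02:00:00:aa:bb     short
""".splitlines()  # constructed inventory: "MAC  owner", mixed notations

def normalize_mac(raw):
    """Return the MAC as 12 lowercase hex digits, or raise ValueError."""
    mac = re.sub(r"[-:.]", "", raw).lower()
    if not re.fullmatch(r"[0-9a-f]{12}", mac):
        raise ValueError(f"not a MAC address: {raw!r}")
    if int(mac[:2], 16) & 1:  # group bit set: never a valid client source MAC
        raise ValueError(f"multicast/broadcast address: {raw!r}")
    return mac

def build_users(lines):
    """Return (users_file_text, [(line_number, reason), ...] for rejects)."""
    seen, entries, rejected = set(), [], []
    for lineno, line in enumerate(lines, 1):
        line = line.split("#", 1)[0].strip()
        if not line:
            continue
        raw, owner = (line.split(None, 1) + ["unknown"])[:2]
        try:
            mac = normalize_mac(raw)
            if mac in seen:
                raise ValueError(f"duplicate of {mac}")
        except ValueError as exc:
            rejected.append((lineno, str(exc)))
            continue
        seen.add(mac)
        entries.append(f'# {owner}\n{mac} Cleartext-Password := "{mac}"\n')
    # Anything not listed above is refused, whichever switch port it appears on.
    entries.append("DEFAULT Auth-Type := Reject\n")
    return "\n".join(entries), rejected

if __name__ == "__main__":
    text, bad = build_users(SAMPLE)
    print(text)
    for lineno, reason in bad:
        print(f"line {lineno}: {reason}")
```

Because the list lives on the RADIUS server rather than in per-port configuration, the same entry authorizes a device on any port of any switch that points at that server.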



  • 3.  RE: Procurve MAC filtering

    Posted Jul 19, 2009 12:37 AM
    In addition to the excellent recommendation by Cenk above, you can also see if the "Port Security" feature available in 2610 and 2650 meets your need.

    This would allow you to configure up to 8 MAC addresses per port which need to be authorized for access via that port.

    Check out
    http://ftp.hp.com/pub/networking/software/Security-Oct2005-59906024-Chap09-Port_Security.pdf
    for details.

    Hope that helps

    `Javed

    PS: This being your first post to the forum, I thought I would share these guidelines as well:
    http://66.34.90.71/ITRCForumsEtiquette/after.html



  • 4.  RE: Procurve MAC filtering

    Posted Jul 19, 2009 06:20 AM

    Thanks for the answers, but unfortunately those solutions don't fit cleanly into the environment in question.

    We ended up using a Dell switch which supports the specified behavior in the original post by using layer 2 ACLs.

    It does appear that other ProCurve models support layer 2 ACLs but we did not have any on-hand and we had the Dell already available in the rack.

    The problem with the RADIUS approach is that adding new components into the infrastructure is not desired as the on-site IT staff is limited in staff and know-how.

    Thanks.