Comware

Hi,

I'd like to write a script to assigning security per port in a Procurve. The situation is: in my company we activate the security per each port, and is configured to allow only 1 device with its MAC. When a PC is changed we have to use the web interface to delete the old MAC and we are looking some solution to automate the process. Can I execute scripts in a Procurve? How?

Thanks

Hello,

The firmware of the 2600, 2800, 3400 and 5300 series now support Mac, web and 802.1x authentication. Mac adresses are checked against a radius server (MS IAS, Funk steel belted, Radiator, Free-radius, etc etc) and the authenticated client can dynamicly put in a vlan.

Mac authentication is not a strong security mechanism, its better to move up to 802.1x.

So using radius together with mac authentication you can easily automate your security.

I agree with Sietze that moving to a radius solution is better, but if you still need scripting, you can use the cli for that.
Make a script which opens a telnet session, and excutes commands.
There are lots of ways to do that, examples:
- perl with the Net::Telnet module (http://search.cpan.org/~jrogers/Net-Telnet-3.03/lib/Net/Telnet.pm)
- Expect (http://expect.nist.gov/)
- VBscripting (example: http://www.vandyke.com/support/crt/scripts/connect_telnet_vbs.txt)

Also. You can use ProCurve Manager Plus for executing CLI commands to multiple switches at once. Only drawback is the lack of variables.