Manualshelf

Access Security Guide K/KA/KB.15.15

ManualsBrandsHP ManualsNetwork HardwareHP 5406R-8XGT/8SFP+ (No PSU) v2 zl2 Switch
11121314151617181920
Displaying the static configuration of IP-to-MAC bindings..................................................380
Debugging dynamic IP lockdown..................................................................................381
Verifying the dynamic IP lockdown configuration..................................................................381
Adding a MAC Address to a port......................................................................................382
Checking for intrusions, listing intrusion alerts, and resetting alert flags (CLI)............................383
Checking for intrusions, listing intrusion alerts, and resetting alert flags (Menu).........................385
Using the event log to find intrusion alerts CLI......................................................................386
Using the event log to find intrusion alerts menu...................................................................387
Overview............................................................................................................................387
DHCP Snooping..............................................................................................................388
DHCP Operational Notes.................................................................................................389
Dynamic ARP Protection....................................................................................................389
Dynamic IP Lockdown.......................................................................................................390
Protection against IP source address spoofing.................................................................390
Prerequisite: DHCP snooping........................................................................................390
Filtering IP and MAC addresses per-port and per-VLAN....................................................391
Operational notes.......................................................................................................392
Differences Between Switch Platforms.............................................................................393
Adding an IP-to-MAC binding to the DHCP binding database................................................393
Potential issues with bindings........................................................................................394
Using the instrumentation monitor.......................................................................................394
Operating notes for the instrumentation monitor..............................................................395
Port Security....................................................................................................................396
About Port security...........................................................................................................396
Basic operation...........................................................................................................396
Default port security operation..................................................................................396
Trusted ports..........................................................................................................396
Intruder protection..................................................................................................397
Eavesdrop protection..............................................................................................397
General operation for port security...........................................................................397
Eavesdrop prevention...................................................................................................398
Disabling Eavesdrop Prevention................................................................................398
Feature interactions when Eavesdrop Prevention is disabled..........................................398
Blocking unauthorized traffic.........................................................................................399
Trunk group exclusion..................................................................................................399
Retention of static addresses.........................................................................................399
Learned addresses..................................................................................................400
Assigned/Authorized Addresses...............................................................................400
Specifying Authorized Devices and Intrusion Responses...............................................400
Adding an Authorized Device to a Port......................................................................401
Removing a Device From the “Authorized” List for a Port...............................................402
How MAC Lockdown works..........................................................................................403
MAC Lockdown operating notes....................................................................................404
Limits....................................................................................................................404
Event Log messages................................................................................................404
Limiting the frequency of log messages......................................................................404
Differences between MAC lockdown and port security.....................................................404
Deploying MAC lockdown............................................................................................405
Basic MAC Lockdown deployment............................................................................406
Problems using MAC Lockdown in networks with multiple paths....................................406
How MAC Lockout works.............................................................................................407
Port security and MAC Lockout......................................................................................408
Reading intrusion alerts and resetting alert flags..............................................................408
Notice of security violations.....................................................................................408
How the intrusion log operates.................................................................................409
Contents 15