Owner's manual

HP ProCurve Switch 4000M / 8000M / 2424M / 1600M Reviewer’s Guide

connected to a specific port, file server traffic can be excluded from other ports of the net manager’s

choice, preventing users on designated ports access to the file server.

2.11.2 Broadcast Storm Prevention

The HP ProCurve Switches 4000M/8000M/2424M/1600M have a broadcast throttling filter to control

high levels of broadcasts leaving the switch. Broadcast throttling has been covered in a previous

section dealing with Automatic Broadcast Control.

2.12 Port Security

Port security can be set in the HP ProCurve Switch 4000M/8000M/2424M/1600M so that:

• Unicast packets are sent out the port only if they are for authorized end nodes on that port. All

other unicast packets are dropped. All multicast and broadcast packets are forwarded.

(prevents eavesdropping of general network traffic at an open port on the switch)

Authorized nodes can be defined in two different ways:

• Continuous – any node connected to the port is authorized. Essentially any node address in the

bridge address table for this port becomes an authorized node for this port. This setting

prevents generally flooded unicast packets from being sent out this port, but allows any actual

nodes downstream from this port to receive unicast traffic specifically addressed to those

nodes. Since these authorized port entries are dynamic, they age out at the rate set for the

bridge address table.

• Static – The number of MAC addresses allowed for that port (up to 8) is specified. Actual MAC

addresses can then be entered. If the number of actual MAC addresses entered is less than the

number of total addresses allowed, then the switch will fill the address list with the first

addresses it sees that are not specifically configured. This allows the first ports seen to become

authorized without their addresses being explicitly configured.

If a security violation does occur, the switch can be set to send an SNMP trap.

2.13 Flexibility

The HP ProCurve Switches 4000M/8000M/2424M/1600M have been designed with flexibility and high

port density in mind. Any module type can be plugged into any of the module slots. The modules are

hot swappable. Available module types are:

• Single port Gigabit-SX module. Works with 62.5/125 multi-mode fiber cable at up to 220M, or

50/125 multi-mode fiber cable at up to 500m. (SC connectors)

• Single port Gigabit-LX module. Works with single-mode fiber cable up to 5km, or with either

62.5/125 or 50/125 multi-mode fiber cable up to 550m (mode-conditioning cable may be needed

for multi-mode use per IEEE 802.3z). (SC connectors)

• Single port 100/1000Base-T module. Works with Category 5 or better UTP wiring at up to 100m.

• Eight port UTP autosensing 10/100Base-TX module.

• Four port 100Base-FX module (SC connectors)

• Four port 10Base-FL module (ST connectors)

• HP ProCurve Switch 2424M Gigabit Stacking Module provides two Gigabit ports that are

transceiver-based. Transceivers available are:

• HP ProCurve Gigabit-SX Transceiver

Starting with firmware revision C.07.23. Older revisions can be updated at no charge through the HP ProCurve web site.