Common Criteria for HP Networking Switches

normally without validating their authenticity, provided no authorized servers are configured.
Note: Enabling ARP protection without first configuring DHCP Snooping and/or static bindings will cause
all ARP packets to be dropped.
ARP Protection also can be configured to drop:
- ARP request or response packets, where the source MAC address in the Ethernet header does not match the sender MAC address in the body of the ARP packet.
- Unicast ARP response packets, where the destination MAC address in the Ethernet header does not match the target MAC address in the body of the ARP packet.
- ARP packets, where the sender or target IP address is invalid. Invalid IP addresses include 0.0.0.0, 255.255.255.255, all IP multicast addresses, and all Class E IP addresses.
For more information on configuring Dynamic ARP Protection or DHCP Snooping, see the Access Security
Guide for your switch.
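The three optional drop conditions listed above can be expressed as checks on a raw frame. The following is an added example, not HP code and not taken from this guide: the function names, the reason labels and the sample frames are constructed for illustration, and it assumes untagged Ethernet frames carrying IPv4 ARP. It does not model the DHCP Snooping or static binding lookup.

```python
import socket
import struct

def ip_invalid(raw: bytes) -> bool:
    # 0.0.0.0, or first octet >= 224: multicast (224-239) and Class E
    # (240-255, which also contains 255.255.255.255).
    return raw == b"\x00" * 4 or raw[0] >= 224

def arp_drop_reasons(frame: bytes) -> list:
    """Return which of the three optional checks an untagged ARP frame fails."""
    if len(frame) < 42:
        raise ValueError("too short for Ethernet + ARP")
    eth_dst, eth_src, etype = struct.unpack("!6s6sH", frame[:14])
    htype, ptype, hlen, plen, oper, sha, spa, tha, tpa = struct.unpack(
        "!HHBBH6s4s6s4s", frame[14:42])
    if etype != 0x0806 or (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        raise ValueError("not IPv4-over-Ethernet ARP")
    reasons = []
    if eth_src != sha:                      # Ethernet source vs ARP sender MAC
        reasons.append("src_mac_mismatch")
    unicast = not (eth_dst[0] & 1)          # I/G bit clear = unicast destination
    if oper == 2 and unicast and eth_dst != tha:
        reasons.append("dst_mac_mismatch")  # applies to unicast responses only
    if ip_invalid(spa) or ip_invalid(tpa):
        reasons.append("invalid_ip")
    return reasons

def build(eth_dst, eth_src, oper, sha, spa, tha, tpa):
    """Assemble a constructed test frame (oper 1 = request, 2 = response)."""
    mac = lambda s: bytes.fromhex(s.replace(":", ""))
    return (mac(eth_dst) + mac(eth_src) + b"\x08\x06"
            + struct.pack("!HHBBH", 1, 0x0800, 6, 4, oper)
            + mac(sha) + socket.inet_aton(spa) + mac(tha) + socket.inet_aton(tpa))

A, B, X = "00:11:22:33:44:01", "00:11:22:33:44:02", "de:ad:be:ef:00:99"
BCAST, ZERO = "ff:ff:ff:ff:ff:ff", "00:00:00:00:00:00"
SAMPLES = {  # constructed frames, not captured traffic
    "clean_request":  build(BCAST, A, 1, A, "10.0.0.1", ZERO, "10.0.0.2"),
    "clean_reply":    build(A, B, 2, B, "10.0.0.2", A, "10.0.0.1"),
    "spoofed_sender": build(A, X, 2, B, "10.0.0.2", A, "10.0.0.1"),
    "wrong_target":   build(A, B, 2, B, "10.0.0.2", X, "10.0.0.1"),
    "multicast_ip":   build(BCAST, A, 1, A, "224.0.0.5", ZERO, "10.0.0.2"),
    "arp_probe":      build(BCAST, A, 1, A, "0.0.0.0", ZERO, "10.0.0.9"),
}

if __name__ == "__main__":
    for name, frame in SAMPLES.items():
        print(f"{name:15} {arp_drop_reasons(frame) or 'pass'}")
```

The last sample shows that an ARP probe with sender IP 0.0.0.0 (the RFC 5227 address-conflict check) fails the IP test when the rule is applied literally as written above, which is worth testing against hosts that send such probes before the IP check is enabled.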
Physical Security
Password Clear Protection Front-Panel Security
HP switches utilize the Reset and Clear buttons on the front panel to help users reset the switch
configuration to factory default or to reset the console password. This capability creates a security risk
anywhere it’s impossible to prevent physical access to the switch. ProCurve makes it possible to disable
this functionality to protect from malicious use of these features.
There are two components to front-panel security: “password clear” and “factory reset.” Both must be
disabled to fully secure the device.
In the switch’s default mode, a malicious user can utilize the front-panel clear button to reset a console
password stored locally on the switch. To disable this feature, issue the command:
HP Switch(config)# no front-panel-security password-clear
The other capability built into HP switches is the ability to reset the switch configuration to the factory
default mode:
HP Switch(config)# [no] front-panel-security factory-reset
Executing the no form of this command prevents the switch configuration from being reset with the front-panel Reset and Clear buttons.
It’s critical to understand that disabling these features severely restricts administrator options if the
password is lost or forgotten. Before making these changes, users are strongly encouraged to review all
considerations outlined in the Access Security Guide for your switch.