Manualshelf

HP ProCurve Threat Management Solution Design Guide 2009-04

ManualsBrandsHP ManualsComputer AccessoriesHP ProCurve Switch xl Access Controller Module
21222324252627282930
2-19
Concepts
Deployment Options
of the malicious activity and then takes the action that you have configured to neutralize
that activity. For example, you may have configured an action such as shutting down the
port where the activity originates.
NIM + wireless devicesUsing NIM with wireless devices is really just a special case
of the NIM standalone deployment. As Figure 2-13 shows, a WESM can send wireless sFlow
data to NIM. If NIM detects a threat in this sFlow data, it can enforce a MAC lockout through
the WESM. This allows you to manage events on your wireless network in the same way
that you manage events on the wired network.
Figure 2-13. NIM and Wireless Devices Deployment
In this example, wireless traffic from the laptops in the visitor lobby and public conference
rooms enters the network through radio ports (RPs) that are centrally managed by a WESM
in the switch. The WESM provides sFlow data to NIM, and if NIM detects an attack, it can
lock out the MAC address of the attacker.
Internet
Data
Center
Employee
Cubicles
Visitor Lobby
Conference Rooms
sFlow Data
to NIM
NIM Response:
MAC Lockout
NBAD Analysis
Traffic in from APs
APs
ProCurve Switch
NIM