HP ProCurve Threat Management Solution Design Guide 2009-04

Products
HP ProCurve Hardware
Response: In responding to detected threats, NIM relies on several features of switches and wireless devices. Table 3-2 indicates which switches and wireless devices support these features. The relevant features for threat detection and response are listed below.

Port shutdown: NIM can direct most HP ProCurve switches to block traffic on a specified port (typically the port where an attack originates).

MAC lockout: NIM can direct some switches and wireless devices to deny traffic from a specified MAC address.

Rate limiting: On the switches that support rate limiting, NIM can limit the bandwidth allowed on a specified port (typically the port where an attack originates).

VLAN assignment: NIM can direct most HP ProCurve switches to re-assign a port to a specified VLAN (typically a quarantine VLAN that isolates the offender and allows remedial action to be taken).

Local mirror reconfiguration: For many HP ProCurve switches, NIM can direct the switch to copy traffic from specified ports to a local mirror port on the same switch (typically for analysis by an IDS).

Remote mirror reconfiguration: For select HP ProCurve switches, NIM can direct the switch to copy traffic from specified ports to a remote mirror port on a different switch (typically for analysis by an IDS).

MAC mirroring reconfiguration: For select HP ProCurve switches, NIM can direct the switch to copy traffic from a certain source MAC address or to a certain destination MAC address and send it to either a local mirror port or a remote mirror port.