HP ProCurve Threat Management Solution Implementation Guide 2009-05
3-145
HP ProCurve Network Immunity Manager with a Third-Party IDS/IPS
Step 4: Analyze Events
In the following example output, VLAN 50 was created on the switch to quarantine a worksta-
tion that was sending suspicious traffic:
Maximum VLANs to support: 256
Primary VLAN : DEFAULT_VLAN
Management VLAN :
VLAN ID Name | Status Voice Jumbo
------- -------------------- + ---------- ----- -----
1 DEFAULT_VLAN | Port-based No No
10 VLAN10 | Port-based No No
16 VLAN16 | Port-based No No
50 VLAN-5050 | Port-based No No
If you have configured rate limiting as an action, you can access the switch and enter the
following command to verify that the offender’s port was rate limited:
ProCurve switch# show rate-limit all
All-Traffic Rate Limit Maximum %
Port | Inbound Limit Mode Radius Override | Outbound Limit Mode
----- + ------------ ----- --------------- + -------------- ----
1 | Disabled Disabled No-override | Disabled Disabled
2 | Disabled Disabled No-override | Disabled Disabled
3 | Disabled Disabled No-override | Disabled Disabled
4 | Disabled Disabled No-override | Disabled Disabled
5 | 15 % No-override | Disabled Disabled
6 | Disabled Disabled No-override | Disabled Disabled
. . .
Task: Set up Reporting
Although you can generate many reports in PCM+, this section describes only reports that are
directly applicable to NIM. You can access these NIM-related reports through the menus and
sub-menus:
• Reports > Network Activity > Policy Activity
• Reports > Threat Management > Policy Activity
1. Navigate to one of the sub-menus listed above and then select a report.
2. In the first window of the Report Wizard, select a group name or a particular device.
3. Specify other parameters in this and any following windows of the wizard to create the
report you want.
4. Click Finish to see the report. Optionally, print the report or save it to disk using the buttons
in the toolbar above the report.