HP ProCurve Threat Management Solution Implementation Guide 2009-05

HP ProCurve Network Immunity Manager with HP ProCurve Security Devices
Step 4: Analyze Events
In the following example output, VLAN 50 was created on the switch to quarantine a workstation that was sending suspicious traffic:
Maximum VLANs to support: 256
Primary VLAN : DEFAULT_VLAN
Management VLAN :
VLAN ID Name                 | Status     Voice Jumbo
------- -------------------- + ---------- ----- -----
1       DEFAULT_VLAN         | Port-based No    No
10      VLAN10               | Port-based No    No
16      VLAN16               | Port-based No    No
50      VLAN-5050            | Port-based No    No
If you have configured rate limiting as an action, you can access the switch and enter the
following command to verify that the offender’s port was rate limited:
ProCurve switch# show rate-limit all
All-Traffic Rate Limit Maximum %
Port  | Inbound Limit Mode     Radius Override | Outbound Limit Mode
----- + ------------- -------- --------------- + -------------- --------
1     | Disabled      Disabled No-override     | Disabled       Disabled
2     | Disabled      Disabled No-override     | Disabled       Disabled
3     | Disabled      Disabled No-override     | Disabled       Disabled
4     | Disabled      Disabled No-override     | Disabled       Disabled
5     | 15            %        No-override     | Disabled       Disabled
6     | Disabled      Disabled No-override     | Disabled       Disabled
. . .
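The two checks above can also be run against captured CLI output. The following is an added example, not part of the HP guide: the function names are hypothetical, and the sample text reuses rows from the output shown on this page.

```python
import re

# Sample input: rows taken from the switch output shown on this page.
RATE_LIMIT_OUTPUT = """\
All-Traffic Rate Limit Maximum %
Port  | Inbound Limit Mode     Radius Override | Outbound Limit Mode
----- + ------------- -------- --------------- + -------------- --------
4     | Disabled      Disabled No-override     | Disabled       Disabled
5     | 15            %        No-override     | Disabled       Disabled
6     | Disabled      Disabled No-override     | Disabled       Disabled
"""
VLAN_OUTPUT = """\
VLAN ID Name                 | Status     Voice Jumbo
------- -------------------- + ---------- ----- -----
1       DEFAULT_VLAN         | Port-based No    No
50      VLAN-5050            | Port-based No    No
"""

def parse_rate_limits(text):
    """Map port -> (inbound limit, mode); limit is None when disabled."""
    limits = {}
    for line in text.splitlines():
        cols = [c.split() for c in line.split("|")]
        # Data rows have three '|'-separated groups and start with a port id;
        # the title, header and '+' separator lines do not.
        if len(cols) != 3 or len(cols[0]) != 1 or len(cols[1]) < 2:
            continue
        port, (limit, mode) = cols[0][0], cols[1][:2]
        if not re.fullmatch(r"[A-Za-z]?\d+", port):
            continue
        limits[port] = (None, None) if limit == "Disabled" else (int(limit), mode)
    return limits

def parse_vlans(text):
    """Map VLAN ID -> name from the VLAN table rows."""
    vlans = {}
    for line in text.splitlines():
        left = line.split("|")[0].split()
        if len(left) >= 2 and left[0].isdigit():
            vlans[int(left[0])] = left[1]
    return vlans

def verify_mitigation(rate_text, vlan_text, port, quarantine_vlan):
    """Check that the offender's port is rate limited and the quarantine VLAN exists."""
    limit, mode = parse_rate_limits(rate_text).get(port, (None, None))
    return {"rate_limited": limit is not None, "inbound": (limit, mode),
            "quarantine_vlan": parse_vlans(vlan_text).get(quarantine_vlan)}

if __name__ == "__main__":
    print(verify_mitigation(RATE_LIMIT_OUTPUT, VLAN_OUTPUT, "5", 50))
```

Finding the VLAN in the table confirms only that it was created; this output does not show which ports are members of it.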
If you have configured port mirroring as an action and an event triggers this action, you can
check the status of the mirror port in PCM+/NIM. Complete these steps.
1. In the PCM+ navigation tree, select the mirror port’s switch.
2. Click the Port List tab and then the Port Status tab.