Enforcing Switch Security

Network Access Security

Access Control Types

Access Control Type | 6200yl 5400zl 3500yl | 5300xl | 3400cl 6400cl | 2800 | 4100gl 4200vl 2600 2600-pwr
client-based access control (up to 32 authenticated clients per port) | X | X* | -- | -- | --
port-based access control (one authenticated client opens the port) | X | X | X | X | X
switch operation as a supplicant | X | X | X | X | X

* On the 5300xl switches, this feature is available with software release E.09.02 and greater.

Refer to the chapter titled “Configuring Port-Based and Client-Based Access Control” in the Access Security Guide for your switch model.
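The practical difference between the two access-control types in the table is what happens to a second device on the same port. The following is an added example, not code from the ProCurve guide or the switch software: a simplified model of an 802.1X authenticator port in each mode, exercised with constructed sample MAC addresses (the client limit of 32 is the figure the table gives; the tie-breaking and EAP details are stripped down to a single pass/fail flag).

```python
from dataclasses import dataclass, field


@dataclass
class PortAuthenticator:
    """One switch port acting as 802.1X authenticator (simplified model).

    mode: "port-based" or "client-based", the two types in the table.
    client_limit: client-based only; the guide gives 32 as the per-port maximum.
    """
    mode: str
    client_limit: int = 32
    authenticated: set = field(default_factory=set)

    def authenticate(self, mac: str, credentials_ok: bool) -> bool:
        """Outcome of an EAP exchange from `mac`; True if the client is admitted."""
        if not credentials_ok:
            return False
        if (self.mode == "client-based" and mac not in self.authenticated
                and len(self.authenticated) >= self.client_limit):
            return False                      # per-port client limit reached
        self.authenticated.add(mac)
        return True

    def forwards(self, mac: str) -> bool:
        """Would a frame sourced from `mac` be forwarded through this port?"""
        if self.mode == "port-based":
            return bool(self.authenticated)   # one success opens the port to every MAC
        return mac in self.authenticated      # each MAC must have authenticated itself


def piggyback_demo() -> dict:
    """A hub behind the port: one authorized laptop plus a second device that never
    completes EAP (constructed sample MACs). Returns what forwards in each mode."""
    laptop, rogue = "00:11:22:33:44:01", "00:11:22:33:44:02"
    results = {}
    for mode in ("port-based", "client-based"):
        port = PortAuthenticator(mode)
        port.authenticate(laptop, credentials_ok=True)
        port.authenticate(rogue, credentials_ok=False)
        results[mode] = {"laptop": port.forwards(laptop), "rogue": port.forwards(rogue)}
    return results


def client_limit_demo(n_clients: int = 33) -> int:
    """How many of n_clients valid supplicants a client-based port actually admits."""
    port = PortAuthenticator("client-based", client_limit=32)
    return sum(port.authenticate(f"00:aa:bb:cc:dd:{i:02x}", True) for i in range(n_clients))
```

In port-based mode the rogue device forwards as soon as the laptop has authenticated, which is why port-based control is only as strong as the assumption that exactly one device sits on the port; client-based mode forwards only the MACs that authenticated themselves and refuses the 33rd client.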

Port Security, MAC Lockdown, MAC Lockout, and IP Lockdown

These features provide device-based access security in the following ways:

port security: Enables configuration of each switch port with a unique list of the MAC addresses of devices that are authorized to access the network through that port. This enables individual ports to detect, prevent, and log attempts by unauthorized devices to communicate through the switch. Some switch models also include eavesdrop prevention in the port security feature.

MAC lockdown: This “static addressing” feature is used as an alternative to port security to prevent station movement and MAC address “hijacking” by allowing a given MAC address to use only one assigned port on the switch. MAC lockdown also restricts the client device to a specific VLAN.

MAC lockout: This feature enables blocking of a specific MAC address so that the switch drops all traffic to or from the specified address.

IP lockdown: Available on Series 2600 and 2800 switches only, this feature enables restriction of incoming traffic on a port to a specific IP address/subnet, and denies all other traffic on that port.

Refer to the chapter titled “Configuring and Monitoring Port Security” in the Access Security Guide for your switch model.
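The four features above constrain a frame on different keys: port security by (port, source MAC), MAC lockdown by (source MAC, port, VLAN), MAC lockout by MAC regardless of port or direction, and IP lockdown by (port, source IP). The following is an added example, not the switch's own forwarding code: a toy forwarding-decision model that applies each check in turn, with a constructed configuration and sample frames. Port names, MACs and subnets are made up for the illustration; the real switch's check order and log format are not taken from the guide.

```python
import ipaddress
from dataclasses import dataclass, field


@dataclass
class Frame:
    port: str       # ingress port, e.g. "A1"
    vlan: int
    src_mac: str
    src_ip: str


@dataclass
class Switch:
    # port security: per-port set of authorized source MACs (static learn mode)
    port_security: dict = field(default_factory=dict)   # port -> {mac, ...}
    # MAC lockdown: a MAC is pinned to exactly one (port, VLAN) pair
    mac_lockdown: dict = field(default_factory=dict)    # mac -> (port, vlan)
    # MAC lockout: MACs dropped on every port, as source or destination
    mac_lockout: set = field(default_factory=set)
    # IP lockdown (2600/2800 only): per-port permitted source subnet
    ip_lockdown: dict = field(default_factory=dict)     # port -> IPv4Network
    log: list = field(default_factory=list)

    def permit(self, f: Frame, dst_mac: str) -> bool:
        """Forwarding decision for one frame; every drop is logged with its reason."""
        if f.src_mac in self.mac_lockout or dst_mac in self.mac_lockout:
            return self._drop(f, "mac-lockout")
        allowed = self.port_security.get(f.port)
        if allowed is not None and f.src_mac not in allowed:
            return self._drop(f, "port-security: unauthorized MAC on port")
        pinned = self.mac_lockdown.get(f.src_mac)
        if pinned is not None and pinned != (f.port, f.vlan):
            return self._drop(f, "mac-lockdown: MAC seen on wrong port/VLAN")
        net = self.ip_lockdown.get(f.port)
        if net is not None and ipaddress.ip_address(f.src_ip) not in net:
            return self._drop(f, "ip-lockdown: source IP outside permitted subnet")
        return True

    def _drop(self, f: Frame, reason: str) -> bool:
        self.log.append(f"port {f.port} vlan {f.vlan} src {f.src_mac}/{f.src_ip}: dropped ({reason})")
        return False


def device_control_demo() -> dict:
    """Constructed configuration and sample frames exercising each feature once."""
    bcast = "ff:ff:ff:ff:ff:ff"
    sw = Switch()
    sw.port_security["A1"] = {"00:11:22:33:44:01"}               # only this MAC on A1
    sw.mac_lockdown["00:11:22:33:44:02"] = ("A2", 10)             # pinned to A2, VLAN 10
    sw.mac_lockout.add("00:de:ad:be:ef:00")                       # blocked everywhere
    sw.ip_lockdown["A3"] = ipaddress.ip_network("10.1.3.0/24")    # A3 may only source this subnet
    decisions = {
        "authorized_mac_on_secured_port":
            sw.permit(Frame("A1", 1, "00:11:22:33:44:01", "10.1.1.5"), bcast),
        "unauthorized_mac_on_secured_port":
            sw.permit(Frame("A1", 1, "00:11:22:33:44:09", "10.1.1.6"), bcast),
        "locked_down_mac_on_its_port":
            sw.permit(Frame("A2", 10, "00:11:22:33:44:02", "10.1.2.5"), bcast),
        "locked_down_mac_moved_to_other_port":
            sw.permit(Frame("A4", 10, "00:11:22:33:44:02", "10.1.2.5"), bcast),
        "frame_to_locked_out_mac":
            sw.permit(Frame("A4", 1, "00:11:22:33:44:03", "10.1.4.5"), "00:de:ad:be:ef:00"),
        "ip_lockdown_source_in_subnet":
            sw.permit(Frame("A3", 1, "00:11:22:33:44:04", "10.1.3.7"), bcast),
        "ip_lockdown_spoofed_source":
            sw.permit(Frame("A3", 1, "00:11:22:33:44:04", "192.168.0.7"), bcast),
    }
    return {"decisions": decisions, "log": sw.log}
```

Note what each feature does not cover: port security says nothing about where else an authorized MAC may appear (that is MAC lockdown's job), MAC lockdown does not stop the MAC from talking on its own port, and only IP lockdown looks above layer 2, so a spoofed source IP from an authorized MAC passes the first three checks.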

Key Management System (KMS)

KMS is available in several ProCurve switch models and is designed to configure and maintain key chains for use with KMS-capable routing protocols that use time-dependent or time-independent keys. (A key chain is a set of keys with a timing mechanism for activating and deactivating individual
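A key chain gives a routing protocol two lookups: which key to sign outgoing packets with now, and whether a received packet's key is still acceptable now. The following is an added example, not ProCurve's KMS implementation: a key chain with per-key send and accept lifetimes (a key with no lifetimes is time-independent), and a constructed rollover where the accept windows overlap so peers with slightly skewed clocks keep agreeing. The lowest-key-id tie-break and the use of the raw key string in place of the protocol's digest are assumptions made for the illustration.

```python
import hmac
from dataclasses import dataclass
from datetime import datetime
from typing import List, Optional


@dataclass(frozen=True)
class Key:
    key_id: int
    key_string: str
    # A None bound leaves that side open; no bounds at all = time-independent key.
    accept_start: Optional[datetime] = None
    accept_end: Optional[datetime] = None
    send_start: Optional[datetime] = None
    send_end: Optional[datetime] = None

    @staticmethod
    def _within(start: Optional[datetime], end: Optional[datetime], now: datetime) -> bool:
        return (start is None or start <= now) and (end is None or now < end)

    def accepts_at(self, now: datetime) -> bool:
        return self._within(self.accept_start, self.accept_end, now)

    def sends_at(self, now: datetime) -> bool:
        return self._within(self.send_start, self.send_end, now)


class KeyChain:
    def __init__(self, name: str, keys: List[Key]):
        self.name = name
        self.keys = sorted(keys, key=lambda k: k.key_id)

    def send_key(self, now: datetime) -> Optional[Key]:
        """Key for outgoing packets: the lowest key_id whose send lifetime covers `now`
        (assumed tie-break; a chain should avoid overlapping send windows)."""
        for k in self.keys:
            if k.sends_at(now):
                return k
        return None

    def verify(self, key_id: int, presented: str, now: datetime) -> bool:
        """Accept a received packet naming key_id; `presented` stands in for the
        protocol's authentication digest. Compared in constant time."""
        for k in self.keys:
            if k.key_id == key_id:
                return k.accepts_at(now) and hmac.compare_digest(k.key_string, presented)
        return False


def rollover_chain() -> KeyChain:
    """Constructed sample: key 1 retires at midnight 2024-01-02 and key 2 takes over;
    each side's accept window extends an hour past the send switchover."""
    t = datetime
    return KeyChain("sample-chain", [
        Key(1, "old-secret", accept_start=t(2024, 1, 1), accept_end=t(2024, 1, 2, 1),
            send_start=t(2024, 1, 1), send_end=t(2024, 1, 2)),
        Key(2, "new-secret", accept_start=t(2024, 1, 1, 23), send_start=t(2024, 1, 2)),
        Key(9, "static-fallback"),   # time-independent: no lifetimes, always live
    ])


def rollover_demo() -> dict:
    c = rollover_chain()
    before = datetime(2024, 1, 1, 12)
    during = datetime(2024, 1, 2, 0, 30)
    after = datetime(2024, 1, 2, 2)
    return {
        "send_before": c.send_key(before).key_id,
        "send_during": c.send_key(during).key_id,
        "old_accepted_during": c.verify(1, "old-secret", during),
        "old_accepted_after": c.verify(1, "old-secret", after),
        "new_accepted_before": c.verify(2, "new-secret", before),
        "wrong_string": c.verify(2, "wrong", during),
        "static_key_far_future": c.verify(9, "static-fallback", datetime(2030, 1, 1)),
    }
```

The time-independent key 9 shows the trade-off: it never expires, so it is never locked out of a chain by a clock problem, but for the same reason it is only as strong as the secret itself and is not retired by the rollover.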
