![](/images/backgrounds/285757/hp-procurve-2600-series-users-manual-550038258x1.png)
Configuring and Monitoring Port Security
IP Lockdown
IP LockdownIP lockdown is available on the Series 2600 and 2800 switches only.
The “IP lockdown” utility enables you to restrict incoming traffic on a port to a specific IP address/subnet, and deny all other traffic on that port.
Operating Rules for IP Lockdown
■Users cannot specify that certain subnets be denied while others are permitted.
■Users cannot filter on protocol or destination IP address.
■The lockdown feature applies to inbound traffic on a port only.
■There is no logging functionality for this feature, i.e. no way to determine if IP address violations occur.
■The same subnet mask must be used for all ports within an 8 port block
•If you configure Port 1 with:
•Then configure Port 2 with:
•Then configure Port 3 with:
This command would return an error and not be configured due to the differing subnet mask.
Using the IP Lockdown Command
The IP lockdown command operates as follows:
Syntax:
Defines the subnet and related IP addresses allowed for incoming traffic on the port.
The following example prevents traffic from all IP addresses other than those specified in subnet 192.168.0.1/24 from entering the switch on interface 1.
ProCurve Switch 2626 | (config) # | interface 1 |
ProCurve Switch 2626 | ||
ProCurve Switch 2626 | exit |