Locking A Port To Restrict Addresses - HP ProCurve 9304M Installation And Configuration Manual
Routing switches
Hide thumbs
Also See for ProCurve 9304M:
- Management and configuration manual (690 pages) ,
- Installation and getting started manual (348 pages) ,
- User manual (236 pages)
Table of Contents
Advertisement
Installation and Basic Configuration Guide
HP9300(config-bcast-filter-id-3)# exclude-ports ethernet 4/6
HP9300(config-bcast-filter-id-3)# write memory
To configure an IP UDP broadcast filter and apply that applies only to port-based VLAN 10, then apply the filter to
two ports within the VLAN, enter the following commands:
HP9300(config)# broadcast filter 4 ip udp vlan 10
HP9300(config-bcast-filter-id-4)# exclude-ports eth 1/1 eth 1/3
HP9300(config-bcast-filter-id-4)# write memory
Configuring a Layer 2 Multicast Filter
To configure a multicast filter, you must have access to the CONFIG level of the CLI. You can configure up to
eight multicast filters on a device.
Syntax: [no] multicast filter <filter-id> any | ip udp mac <multicast-address> | any [mask <mask>]
[vlan <vlan-id>]
The parameter values are the same as the for the broadcast filter command. In addition, the multicast filter
command requires the mac <multicast-address> | any parameter, which specifies the multicast address. Enter
mac any to filter on all multicast addresses.
Enter mac followed by a specific multicast address to filter only on that multicast address. To filter on a range of
multicast addresses, use the mask <mask> parameter. For example, to filter on multicast groups
0100.5e00.5200 – 0100.5e00.52ff, use mask ffff.ffff.ff00. The default mask matches all bits (is all Fs). You can
leave the mask off if you want the filter to match on all bits in the multicast address.
Configuration Examples
To configure a Layer 2 multicast filter to filter all multicast groups, then apply the filter to ports 2/4, 2/5, and 2/8,
enter the following commands:
HP9300(config)# multicast filter 1 any
HP9300(config-mcast-filter-id-1)# exclude-ports ethernet 2/4 to 2/5 ethernet 2/8
HP9300(config-mcast-filter-id-1)# write memory
To configure a multicast filter to block all multicast traffic destined for multicast addresses 0100.5e00.5200 –
0100.5e00.52ff on port 4/8, enter the following commands:
HP9300(config)# multicast filter 2 any 0100.5e00.5200 mask ffff.ffff.ff00
HP9300(config-mcast-filter-id-2)# exclude-ports ethernet 4/8
HP9300(config-mcast-filter-id-2)# write memory
The software calculates the range by combining the mask with the multicast address. In this example, all but the
last eight bits in the mask are "significant bits" (ones). The last eight bits are zeros and thus match on any value.
Each "f" or "0" is four bits.
Locking a Port To Restrict Addresses
Address-lock filters allow you to limit the number of devices that have access to a specific port. Access violations
are reported as SNMP traps. By default this feature is disabled. A maximum of 2048 entries can be specified for
access. The default address count is eight.
NOTE: In release 07.6.04, a more robust version of this feature was introduced. See "Using the MAC Port
Security Feature" in the Security Guide .
USING THE CLI
EXAMPLE:
To enable address locking for port 2/1 and place a limit of 15 entries:
HP9300(config)# lock e 2/1 addr 15
6 - 42
Advertisement
Chapters
Table of Contents
Troubleshooting
Need help?
Do you have a question about the ProCurve 9304M and is the answer not in the manual?
Questions and answers