12 port security, 13 flexibility – HP 2424M User Manual
Page 19
HP ProCurve Switch 4000M / 8000M / 2424M / 1600M Reviewer’s Guide
connected to a specific port, file server traffic can be excluded from other ports of the net manager’s
choice, preventing users on designated ports access to the file server.
2.11.2 Broadcast Storm Prevention
The HP ProCurve Switches 4000M/8000M/2424M/1600M have a broadcast throttling filter to control
high levels of broadcasts leaving the switch. Broadcast throttling has been covered in a previous
section dealing with Automatic Broadcast Control.
2.12 Port Security
12
Port security can be set in the HP ProCurve Switch 4000M/8000M/2424M/1600M so that:
• Unicast packets are sent out the port only if they are for authorized end nodes on that port. All
other unicast packets are dropped. All multicast and broadcast packets are forwarded.
(prevents eavesdropping of general network traffic at an open port on the switch)
Authorized nodes can be defined in two different ways:
• Continuous – any node connected to the port is authorized. Essentially any node address in the
bridge address table for this port becomes an authorized node for this port. This setting
prevents generally flooded unicast packets from being sent out this port, but allows any actual
nodes downstream from this port to receive unicast traffic specifically addressed to those
nodes. Since these authorized port entries are dynamic, they age out at the rate set for the
bridge address table.
• Static – The number of MAC addresses allowed for that port (up to 8) is specified. Actual MAC
addresses can then be entered. If the number of actual MAC addresses entered is less than the
number of total addresses allowed, then the switch will fill the address list with the first
addresses it sees that are not specifically configured. This allows the first ports seen to become
authorized without their addresses being explicitly configured.
If a security violation does occur, the switch can be set to send an SNMP trap.
2.13 Flexibility
The HP ProCurve Switches 4000M/8000M/2424M/1600M have been designed with flexibility and high
port density in mind. Any module type can be plugged into any of the module slots. The modules are
hot swappable. Available module types are:
• Single port Gigabit-SX module. Works with 62.5/125 multi-mode fiber cable at up to 220M, or
50/125 multi-mode fiber cable at up to 500m. (SC connectors)
• Single port Gigabit-LX module. Works with single-mode fiber cable up to 5km, or with either
62.5/125 or 50/125 multi-mode fiber cable up to 550m (mode-conditioning cable may be needed
for multi-mode use per IEEE 802.3z). (SC connectors)
• Single port 100/1000Base-T module. Works with Category 5 or better UTP wiring at up to 100m.
• Eight port UTP autosensing 10/100Base-TX module.
• Four port 100Base-FX module (SC connectors)
• Four port 10Base-FL module (ST connectors)
• HP ProCurve Switch 2424M Gigabit Stacking Module provides two Gigabit ports that are
transceiver-based. Transceivers available are:
• HP ProCurve Gigabit-SX Transceiver
12
Starting with firmware revision C.07.23. Older revisions can be updated at no charge through the HP ProCurve web site.
©1998, 1999, 2000 Hewlett-Packard Co
Revision 3.2b – 1/15/2000
Page 19 of 36