Ip lockdown, Operating rules for ip lockdown, Using the ip lockdown command – HP 2600 Series User Manual

9-28

Configuring and Monitoring Port Security
IP Lockdown

IP Lockdown

IP lockdown is available on the Series 2600 and 2800 switches only.

The “IP lockdown” utility enables you to restrict incoming traffic on a port to
a specific IP address/subnet, and deny all other traffic on that port.

Operating Rules for IP Lockdown

■

Users cannot specify that certain subnets be denied while others are
permitted.

■

Users cannot filter on protocol or destination IP address.

■

The lockdown feature applies to inbound traffic on a port only.

■

There is no logging functionality for this feature, i.e. no way to
determine if IP address violations occur.

■

The same subnet mask must be used for all ports within an 8 port
block (1-8, 7-16, etc), for example:

•

If you configure Port 1 with: ip-lockdown 192.168.0.1/24

•

Then configure Port 2 with: ip-lockdown 50.0.0.0/24

This is an acceptable subnet for port 2

•

Then configure Port 3 with: ip-lockdown 120.15.32.7/32

This command would return an error and not be configured due
to the differing subnet mask.

Using the IP Lockdown Command

The IP lockdown command operates as follows:

The following example prevents traffic from all IP addresses other than those
specified in subnet 192.168.0.1/24 from entering the switch on interface 1.

ProCurve Switch 2626 (config) # interface 1

ProCurve Switch 2626 (eth-1) # ip-lockdown 192.168.0.1/24

ProCurve Switch 2626 (eth-1) # exit

Syntax: ip-lockdown <subnet mask/ips >

Defines the subnet and related IP addresses allowed for incoming traffic on the port.