Wired

last person joined: 5 hours ago 

Bring performance and reliability to your network with the Aruba Core, Aggregation, and Access layer switches. Discuss the latest features and functionality of the ArubaOS-Switch and ArubaOS-CX devices, and find ways to improve security across your network to bring together a mobile first solution.
Expand all | Collapse all

Switch security

This thread has been viewed 3 times
  • 1.  Switch security

    Posted Aug 24, 2019 12:23 PM

    Bit of a mixed bag of questions here but am now looking to secure my switch infrastructure and after looking at some configurations online (and comparing on my switch) I think the configurations are out of date.

     

    I am using an HP-2530 (J9280A) and would like to know the command structure for the following features.

     

    Sticky mac: The ability to detect and fix mac addresses of devices per port.

     

    DHCP Snooping: enabling trust for a DHCP server (or trust of an uplink to the server) interface.

     

    Any other useful tips or settings which can help lock down the switch from wrong doers.

     

    Thanks as always.

     

     



  • 2.  RE: Switch security

    Posted Aug 24, 2019 03:43 PM

    I found this by googling "hpe arubaos-switch access security guide"  http://h20628.www2.hp.com/km-ext/kmcsdirect/emr_na-c05365163-4.pdf

     

    Is that what you mean?



  • 3.  RE: Switch security

    Posted Aug 24, 2019 04:18 PM

    Yes, very useful thanks. These commands match the model and firmware of my switch.

     

    Interestingly enough I have also found the command "aaa port-access use-lldp-data" like LLDP/LLDP-MED which is already enabled on the switch this is a single command (as seen above).

     

    Would this be all that is required in this case, run the command, plug in the phones and let them update the ports ?

     

    Also any additional "show" commands to confirm the settings would be useful also.



  • 4.  RE: Switch security

    Posted Aug 27, 2019 09:28 AM

    for VOIP, it is recommnaded to enable voice vlan (i will be auto configure LLDP)



  • 5.  RE: Switch security

    Posted Aug 27, 2019 09:44 AM

    I already used LLDP-MED with my deployments of VOICE VLAN so this should already be enabled.

     

    I assume then that the sticky mac feature for LLDP is an extra command/setting applied ontop of the VOICE VLAN feature.


    @alagoutte wrote:

    for VOIP, it is recommnaded to enable voice vlan (i will be auto configure LLDP)


     



  • 6.  RE: Switch security

    Posted Sep 03, 2019 05:03 PM

    Hi Eddie,

    I am sure this link could help you too:

     

    h22208.www2.hpe.com/eginfolib/Aruba/16.06/5200-5456/index.html#book.html

     

    Regards