
Switch security

  • 1.  Switch security

    Posted Aug 24, 2019 12:23 PM

    Bit of a mixed bag of questions here but am now looking to secure my switch infrastructure and after looking at some configurations online (and comparing on my switch) I think the configurations are out of date.

     

    I am using an HP-2530 (J9280A) and would like to know the command structure for the following features.

     

    Sticky MAC: The ability to detect and fix MAC addresses of devices per port.

     

    DHCP Snooping: enabling trust for a DHCP server (or trust of an uplink to the server) interface.

     

    Any other useful tips or settings which can help lock down the switch from wrongdoers.

     

    Thanks as always.

     

     



  • 2.  RE: Switch security

    EMPLOYEE
    Posted Aug 24, 2019 03:43 PM

    I found this by googling "hpe arubaos-switch access security guide"  http://h20628.www2.hp.com/km-ext/kmcsdirect/emr_na-c05365163-4.pdf

     

    Is that what you mean?



  • 3.  RE: Switch security

    Posted Aug 24, 2019 04:18 PM

    Yes, very useful thanks. These commands match the model and firmware of my switch.

     

    Interestingly enough I have also found the command "aaa port-access use-lldp-data" like LLDP/LLDP-MED which is already enabled on the switch this is a single command (as seen above).

     

    Would this be all that is required in this case: run the command, plug in the phones and let them update the ports?

     

    Also any additional "show" commands to confirm the settings would be useful also.



  • 4.  RE: Switch security

    MVP GURU
    Posted Aug 27, 2019 09:28 AM

    For VOIP, it is recommended to enable voice VLAN (it will auto-configure LLDP)



  • 5.  RE: Switch security

    Posted Aug 27, 2019 09:44 AM

    I already used LLDP-MED with my deployments of VOICE VLAN so this should already be enabled.

     

    I assume then that the sticky MAC feature for LLDP is an extra command/setting applied on top of the VOICE VLAN feature.


    @alagoutte wrote:

    For VOIP, it is recommended to enable voice VLAN (it will auto-configure LLDP)


     



  • 6.  RE: Switch security

    Posted Sep 03, 2019 05:03 PM

    Hi Eddie,

    I am sure this link could help you too:

     

    h22208.www2.hpe.com/eginfolib/Aruba/16.06/5200-5456/index.html#book.html

     

    Regards