Wired Intelligent Edge (Campus Switching and Routing)

Reply
Occasional Contributor II

Switch security

Bit of a mixed bag of questions here but am now looking to secure my switch infrastructure and after looking at some configurations online (and comparing on my switch) I think the configurations are out of date.

 

I am using an HP-2530 (J9280A) and would like to know the command structure for the following features.

 

Sticky mac: The ability to detect and fix mac addresses of devices per port.

 

DHCP Snooping: enabling trust for a DHCP server (or trust of an uplink to the server) interface.

 

Any other useful tips or settings which can help lock down the switch from wrong doers.

 

Thanks as always.

 

 

Guru Elite

Re: Switch security

I found this by googling "hpe arubaos-switch access security guide"  http://h20628.www2.hp.com/km-ext/kmcsdirect/emr_na-c05365163-4.pdf

 

Is that what you mean?


*Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba Networks or Hewlett Packard Enterprise.*
ArubaOS 8.4 User Guide
InstantOS 8.3 User Guide
Airheads Knowledgebase
Airheads Learning Videos
Aruba Central Documentation
Sign up for Security Alerts
Aruba Technical Webinars
Occasional Contributor II

Re: Switch security

Yes, very useful thanks. These commands match the model and firmware of my switch.

 

Interestingly enough I have also found the command "aaa port-access use-lldp-data" like LLDP/LLDP-MED which is already enabled on the switch this is a single command (as seen above).

 

Would this be all that is required in this case, run the command, plug in the phones and let them update the ports ?

 

Also any additional "show" commands to confirm the settings would be useful also.

MVP Expert

Re: Switch security

for VOIP, it is recommnaded to enable voice vlan (i will be auto configure LLDP)




PowerArubaSW: Powershell Module to use Aruba Switch API for Vlan, VlanPorts, LACP, LLDP... More info


PowerArubaCP: Powershell Module to use ClearPass API (create NAD, Guest...) More info


PowerArubaCX: Powershell Module to use ArubaCX API (get interface/vlan/ports info)


PowerArubaIAP: Powershell Module to use Aruba Instant AP




ACMP 6.4 / ACMX #107 / ACCP 6.5
Occasional Contributor II

Re: Switch security

I already used LLDP-MED with my deployments of VOICE VLAN so this should already be enabled.

 

I assume then that the sticky mac feature for LLDP is an extra command/setting applied ontop of the VOICE VLAN feature.


@alagoutte wrote:

for VOIP, it is recommnaded to enable voice vlan (i will be auto configure LLDP)


 

Highlighted

Re: Switch security

Hi Eddie,

I am sure this link could help you too:

 

h22208.www2.hpe.com/eginfolib/Aruba/16.06/5200-5456/index.html#book.html

 

Regards

 

 

 


PS: If you feel this information is useful and solved your question or problem, please do not forget to mark it as a solution and give me some kudos.
Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: