16th June 2010, 10:38 AM #1
Blocking TCP/IP Ports with ProCurve Manager
We have just upgraded our network with a HP 5406ZL as our Core switch with edge switches consisting of the 2510 and 2520 range. We were told when we ordered all of the kit that the switches and ProCurve Manager would allow us to block certain ports from being used, e.g. the ports that iTunes uses.
We have been told by someone from the same company that you can't limit the ports in this way and we can't find the options because we have a severe lack of knowledge with ProCurve Manager.
Could anyone shine some light on this?
16th June 2010, 10:58 AM #2
I have ProCurve Manager 2 and have no idea where you would do this.
I do know that you can use switch ACLs between VLANs to restrict what traffic is allowed in and out. You must have VLANs though, as the traffic will just pass through the switch as normal if the devices are on the same vlan.
I use several ACLs between vlans here on a 5412 to restrict client access to servers etc.
16th June 2010, 11:02 AM #3
I don't think you can do this as a blanket blockage. We have the same switch and there aren't any settings like that anywhere. As DMcCoy says, the only thing you can do is use ACLs between VLANs to block things.
You could do that in this case - stick the router to the internet on a vlan and everything else on another, then put an ACL in between with that port disallowed.
16th June 2010, 11:20 AM #4
Thanks for the responses guys, we are running different VLANs but the switches we particularly want to block iTunes on are set to one VLAN and we wanted to block the ports within that switch, otherwise they can still share etc between same switch users.
16th June 2010, 11:43 AM #5
Reaper - I suspect you won't be able to do this. You could put the ACL on the Layer 3 VLAN Interface on the HP5406zl, but that wouldn't stop any traffic within the VLAN/subnet (only stuff outside of that which needs to go via the default gateway). You might be able to do private VLANs which involve only allowing hosts to talk to the default gateway (probably the edge switches would need to support this) - but this might break other stuff?
I've seen some Enterasys switches that support Layer3-4 filtering @ Layer2 (but this is an additional feature and the switches cost a bit more than your standard managed switch).
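The limitation described in posts #2 to #5, as an added example that is not part of the original thread: a small Python model of an ACL applied to the routed VLAN interface, showing which flows it ever gets to evaluate. The VLAN IDs, subnets, addresses and the blocked port (3689/tcp, DAAP, used by iTunes library sharing) are assumptions chosen for illustration.

```python
import ipaddress

# Constructed sample topology (assumed, not taken from the thread).
VLANS = {
    10: ipaddress.ip_network("10.0.10.0/24"),  # classroom clients
    20: ipaddress.ip_network("10.0.20.0/24"),  # servers
}
# Assumed port to deny on the routed interface: 3689/tcp (DAAP).
BLOCKED_TCP_PORTS = {3689}


def vlan_of(ip):
    """Return the VLAN whose subnet contains ip, or None if off-site."""
    addr = ipaddress.ip_address(ip)
    for vlan_id, subnet in VLANS.items():
        if addr in subnet:
            return vlan_id
    return None


def verdict(src, dst, dport):
    """Decide what a routed (Layer 3 interface) ACL does with a TCP flow."""
    src_vlan, dst_vlan = vlan_of(src), vlan_of(dst)
    # Same VLAN/subnet: the frame is switched at Layer 2 and never reaches
    # the default gateway, so the routed ACL is not consulted at all.
    if src_vlan is not None and src_vlan == dst_vlan:
        return "switched, ACL not evaluated"
    # Different VLAN or off-site: the packet crosses the gateway interface.
    if dport in BLOCKED_TCP_PORTS:
        return "routed, denied by ACL"
    return "routed, permitted"


# Constructed sample flows: (source, destination, TCP destination port).
FLOWS = [
    ("10.0.10.21", "10.0.10.37", 3689),  # two clients on the same edge VLAN
    ("10.0.10.21", "10.0.20.5", 3689),   # client to a host on the server VLAN
    ("10.0.10.21", "10.0.20.5", 445),    # client to file server, allowed port
    ("10.0.10.21", "203.0.113.9", 3689), # client to an off-site address
]

if __name__ == "__main__":
    for src, dst, port in FLOWS:
        print(f"{src} -> {dst}:{port}  {verdict(src, dst, port)}")
```

The first flow is the case raised in post #4: sharing between users on the same VLAN stays inside the Layer 2 domain, so the ACL on the core never sees it.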
26th June 2010, 08:29 AM #6
To do what you want you'd probably need the Identity Driven Manager plugin for PCM (HP ProCurve Identity Driven Manager 3.0 J9438A, J9440A, J9439A) and a higher spec switch than the 2510s. Better to confirm with HP though....