HP Networking guide to hardening Comware-based devices
Table Of Contents
- Introduction
- Management plane
- General management plane hardening
- Limiting access to the network with infrastructure ACLs
- Securing interactive management sessions
- Fortifying Simple Network Management Protocol
- Logging best practices
- HP Comware software configuration management
- Control plane
- General control plane hardening
- Limiting the CPU impact of control plane traffic
- Securing BGP
- Securing Interior Gateway Protocols
- Securing Virtual Router Redundancy Protocol
- Data plane
- General data plane hardening
- Filtering transit traffic with Transit ACLs
- Anti-spoofing protections
- Limiting the CPU impact of data plane traffic
- Traffic identification and traceback
- Access control with VLAN QoS policy and port access control lists
- Using private VLANs
- Port isolation
39
description *** Isolated Port of Group2 ***
port access vlan 20
port-isolate enable group 2
#
interface Ten-GigabitEthernet1/0/49
description *** Uplink Port of Group1 ***
port access vlan 20
port-isolate uplink-port group 1
#
interface Ten-GigabitEthernet1/0/50
description *** Uplink Port of Group2 ***
port access vlan 20
port-isolate uplink-port group 2
#
For more information about port isolation, see “Port Isolation” in the Layer-2 LAN Switching Configuration Guide.