OneSource Professional Training Solutions
OneSource Professional Training Solutions, Inc. presents

Implementing HP Network Infrastructure Security, Rev. 10.41 On-Site Training

This on-site training class is also available as Public Schedule Seminar.

Implementing HP Network Infrastructure Security, Rev. 10.41

Course Description/Agenda

This course will prepare you to configure, troubleshoot, and implement security features used for network protection on HP A-Series and E-Series devices.


  • HP ASE - Network Infrastructure [2011]
  • HP ASE - Wireless Networks [2011]

What You'll Learn

  • CA signed certificates
  • Traffic mirroring
  • Access Control Lists used to filter network traffic
  • MAC address protection
  • Port security
  • Traffic filters: source port filters and port isolation
  • Spanning Tree protection
  • DHCP protection
  • ARP protection
  • IP spoofing protection
  • Threat detection: virus throttling

Who Should Attend

Systems engineers, network engineers, and network specialists who design and deploy HP network solutions

Course Prerequisites

  • HP Networking Infrastructure Security Technologies

Course Outline

1. Threats and the Need for Security

  • SSL with a CA signed certificate

2. Traffic Mirroring

  • Overview
  • ProVision traffic mirroring
    • Local traffic mirroring
    • Remote traffic mirroring
  • Comware Traffic Mirroring

3. ACLs

  • VLAN basics
  • Basic concepts of ACLs
  • Implementing ACLs
    • Static options
    • Dynamic options
  • Elements of an ACL
  • Types of ACLs
  • ACL criteria
  • How an ACL mask works
  • Filtering routed traffic
    • Assigning an ACL as a RACL
  • Filtering switched traffic
    • Assigning an ACL as a VACL
    • Assigning an ACL to a port
  • Defining the extended ACL
  • Comware ACLs

4. MAC Lockdown and Lockout

  • MAC Lockdown explained
  • MAC Lockout explained
  • Using MAC Lockdown and MAC Lockout together
  • Comware MAC Table Configuration

5. Port Security

  • Port security explained
  • Comparison: Port security and MAC Lockdown
  • MAC address learn modes
  • Limited-continuous learn mode

6. Traffic Filters

  • ProVision source port filters
  • Comware port isolation

7. Spanning Tree Protection

  • Spanning Tree vulnerabilities
  • BPDU filtering and protection
  • Guidelines for using BPDU filtering and protection
  • Root Guard and TCN Guard
  • Comware Spanning Tree protection

8. DHCP Protection

  • DHCP vulnerabilities
  • Protecting against DHCP attacks: DHCP snooping
  • Using option 82 with DHCP snooping
  • Comware DHCP snooping

9. ARP Protection

  • ARP vulnerabilities
  • Dynamic ARP protection
  • Guidelines: Using dynamic ARP protection
  • Comware ARP protection

10. IP Spoofing Protection

  • Dynamic IP Lockdown
  • IP Source Guard

11. Virus Throttling

  • Scenario: Protecting against viruses
  • Connection-rate filtering
    • Operation
  • Using connection-rate ACLs


Lab 1: Implementing CA Certificates

  • Initial configuration
  • Implementing a CA signed certificate
    • ProVision
    • Comware

Lab 2: Implementing Traffic Mirroring

  • ProVision
  • Comware

Lab 3: Implementing ACLs

  • Configure a standard ACL to control access from a specific host
  • Examine debug ACL messages
  • Remove the static port ACL
  • Configure an extended ACL and implement it as a VACL
  • Remove the VACL
  • Configure an extended ACL and implement it as a RACL
  • Add ACEs to the RACL using sequence numbers
  • Editing ACLs offline

Lab 4: Implementing MAC Protection

  • Implement MAC Lockout
  • Implement MAC Lockdown

Lab 5: Implementing Port Security

  • Configure port security for a port using static learn mode
  • Configure port security for a port using configured learn mode

Lab 6: Implementing Traffic Filters

  • Implement ProVision source port filters
  • Implement Comware port isolation

Lab 7: Implementing Spanning Tree Protection

  • Implement BPDU filtering
  • Implement BPDU protection

Lab 8: Implementing DHCP Protection

  • Prepare the Windows client
  • Configure DHCP snooping
  • Verify DHCP snooping
  • Verify the client is assigned a valid IP address
  • Using the DHCP binding database
  • Configure DHCP snooping on the Comware switch

Lab 9: Implementing ARP Protection

  • Prepare the Windows client and server
  • Verify rogue ARP client operates without dynamic ARP protection active
  • Configure dynamic ARP protection
  • Verify dynamic ARP protection
  • Implement ARP Protection - Comware

Lab 10: Implementing IP Spoofing Protection

  • Implement Dynamic IP Lockdown - ProVision
  • Implement IP Source Guard - Comware

Lab 11: Implementing Connection-rate Filtering

  • Prepare the lab environment and client
  • Configure connection-rate filtering
  • Verify connection-rate filtering for the notify-only action
  • Verify connection-rate filtering for the throttle action
  • Verify connection-rate filtering for the block action
  • Implement a connection-rate ACL


More Seminar Information

OneSource Professional Training Solutions, Inc.
OneSource Professional Training Solutions

Delivery Method

On-Site Training On-Site Training

Also Available As

Seminar Seminar

Add to favorites Add to favorites
Email Email this page

On-Site Training
Information Request Form

Please complete the form for more information and/or a quote for this on-site class.




City and State


Number of students:
(at least 10 for consideration)

When do you want to hold the

How long would you like for the

Additional comments to trainer:

We value your privacy!