Finding (and stopping!) Rogue Devices from HP Procurve

I can't tell you a thing about "blocking" or access-control-list functionality in HP Procurve switches. In general, "blocking" unwanted devices isn't a good thing. Stopping the wanted devices from getting on your network in the first place is a better idea.

To find the MAC address of an offending device, from a computer on the same subnet as that device, PING the device and then do an "arp -a" from a command prompt. You should get back something like this (on Windows):

Interface: 192.168.28.10 --- 0x6
  Internet Address      Physical Address      Type
  192.168.28.9          00-ff-22-71-a6-a2     dynamic

The MAC address is listed under the "physical address" column.

Hopefully the ProCurve switches have some functionality to allow you search the MAC address database on the switch for a given address. Do that, and the switch will tell you which port it is "seeing" that MAC address attached to.

On a Cisco switch (or a "Cisco-workalike" switch), you'd do:

show mac-address | include xxxx.xxxx.xxxx

Where the x's are the MAC address (removing the "-" between the digits that Windows reports and placing "." between each group of 4 digits).

Track down what's plugged into that port. If it's another switch, repeat the process on the other switch. If you end up with a wireless access point think about using (better) encryption to keep unauthorized parties off your network.

Do you know how to get to the command line interface? The command

show mac-address

will show you all the MAC addresses the switch has detected.

You can get all the manuals for the 4200 here:

Manuals for Procurve 6400cl/5300xl/4200vl/3400cl switches