HP Procurve &Quot;auto DoS" Feature Causing Network Problems

Wed 07 April 2010 Category: Networking

A feature on more recent HP Procurve models (18xx series, such as 1810G etc.) is called "Auto DoS". You can find it in the section "Security" and then "Advanced security".

If you enable the Auto DoS feature, traffic is blocked based on one of these conditions:

  • the source port (TCP / UDP) is identical to the destination port (NTP, SYSLOG, etc)

  • the source port (TCP / UDP) is 'privileged' thus in the range of 1 -1023.

This will cause all kinds of problems, but first this: "Why on earth is a Layer 2 device filtering on Layer 3?". This is just insane.

NTP does not work any more. Syslog traffic will not arive. VPN traffic may not arrive.

This issue cost me a lot of time to solve. I first blamed our Firewall, but the actual traffic arrived on the tagged trunk port on the affected switch. The traffic somehow was not sent to the switch port on which the destination device was connected.

Affected products:

HP ProCurve 1810G - J9449A ( 8 ports ) and J9450A ( 24 ports )