ProCurve 2600 Series, 2800 Series, 4100g Series, 6108, 2600-PWR Series Getting Started
...
Getting Started
Contents
Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-2
Overview of Access Security Features . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-2
Management Access Security Protection . . . . . . . . . . . . . . . . . . . . . . . . 1-3
General Switch Traffic Security Guidelines . . . . . . . . . . . . . . . . . . . . . . 1-4
Conventions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-5
Feature Descriptions by Model . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-5
Command Syntax Statements . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-5
Command Prompts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-6
Screen Simulations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-6
Port Identity Examples . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-6
1
Sources for More Information . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-7
Need Only a Quick Start? . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-8
IP Addressing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-8
To Set Up and Install the Switch in Your Network . . . . . . . . . . . . . . . . 1-9
1-1
Getting Started
Introduction
Introduction
This Access Security Guide describes how to use ProCurve’s switch security
features to protect access to your switch. This guide is intended to support
the following switches:
■ ProCurve Series 2600
■ ProCurve Series 2600-PWR
■ ProCurve Series 2800
■ ProCurve Series 4100gl
■ ProCurve Switch 6108
For an overview of other product documentation for the above switches, refer
to “Product Documentation” on page xi.
The Product Documentation CD-ROM shipped with the switch includes a
copy of this guide. You can also download a copy from the ProCurve website,
http://www.procurve.com.
1-2
Overview of Access Security Features
The access security features covered in this guide include:
■ Local Manager and Operator Passwords (page 2-1): Control
access and privileges for the CLI, menu, and web browser interfaces.
■ TACACS+ Authentication (page 4-1): Uses an authentication appli-
cation on a server to allow or deny access to a switch.
■ RADIUS Authentication and Accounting (page 5-1): Like
TACACS+, uses an authentication application on a central server to
allow or deny access to the switch. RADIUS also provides accounting
services for sending data about user activity and system events to a
RADIUS server.
■ Secure Shell (SSH) Authentication (page 6-1): Provides
encrypted paths for remote access to switch management functions.
Overview of Access Security Features
■ Secure Socket Layer (SSL) (page 7-1): Provides remote web access
Getting Started
to the switch via encrypted authentication paths between the switch
and management station clients capable of SSL/TLS operation.
■ Port-Based Access Control (802.1X) (page 8-1): On point-to-point
connections, enables the switch to allow or deny traffic between a
port and an 802.1X-aware device (supplicant) attempting to access
the switch. Also enables the switch to operate as a supplicant for
connections to other 802.1X-aware switches.
■ Port Security (page 9-1): Enables a switch port to maintain a unique
list of MAC addresses defining which specific devices are allowed to
access the network through that port. Also enables a port to detect,
prevent, and log access attempts by unauthorized devices.
■ Traffic/Security Filters (page 10-1): Source-Port filtering enhances
in-band security by enabling outbound destination ports on the switch
to forward or drop traffic from designated source ports (within the
same VLAN).
■ Authorized IP Managers (page 11-1): Allows access to the switch
by a networked device having an IP address previously configured in
the switch as "authorized".
Management Access Security Protection
In considering management access security for your switch, there are two key
areas to protect:
■ Unauthorized client access to switch management features
■ Unauthorized client access to the network.
Table 1-1 on page 1-4 provides an overview of the type of protection offered
by each switch security feature.
Note ProCurve recommends that you use local passwords together with your
switch’s other security features to provide a more comprehensive security
fabric than if you use only local passwords.
1-3
Loading...