Table of Contents

Contents
Security overview
  Network security threats
  Network security services
  Network security technologies
    Identity authentication
    Access security
    Data security
    Firewall and connection control
    Attack detection and protection
    Other security technologies
Configuring AAA
  Overview
    RADIUS
    HWTACACS
    Domain-based user management
    AAA for MPLS L3VPNs
    Protocols and standards
    RADIUS attributes
  AAA configuration considerations and task list
  Configuring AAA schemes
    Configuring local users
    Configuring RADIUS schemes
    Configuring HWTACACS schemes
  Configuring AAA methods for ISP domains
    Creating an ISP domain
    Configuring ISP domain attributes
    Configuring authentication methods for an ISP domain
    Configuring authorization methods for an ISP domain
    Configuring accounting methods for an ISP domain
  Tearing down user connections
  Configuring a NAS ID-VLAN binding
  Specifying the device ID used in stateful failover mode
  Displaying and maintaining AAA
  AAA configuration examples
    RADIUS authentication/authorization for Telnet/SSH users
    Local authentication/authorization for Telnet/FTP users
    AAA for PPP users by an HWTACACS server
    Level switching authentication for Telnet users by a RADIUS server
    AAA for portal users by a RADIUS server
  Troubleshooting AAA
    Troubleshooting RADIUS
    Troubleshooting HWTACACS
802.1X overview
  802.1X architecture
  Controlled/uncontrolled port and port authorization status
  802.1X-related protocols
    Packet formats
    EAP over RADIUS

This manual is also suitable for:

Hsr6600
