Precedence Of Security Options; Precedence Of Port-Based Security Options; Precedence Of Client-Based Authentication; Dynamic Configuration Arbiter - HP 3500yl Series Access Security Manual


Precedence of Security Options

This section explains how port-based security options, and client-based
attributes used for authentication, get prioritized on the switch.

Precedence of Port-Based Security Options

Where the switch is running multiple security options, it implements network
traffic security based on the OSI (Open Systems Interconnection) model
precedence of the individual options, from the lowest to the highest. The
following list shows the order in which the switch implements configured
security features on traffic moving through a given port.
1. Disabled/Enabled physical port
2. MAC lockout (Applies to all ports on the switch.)
3. MAC lockdown
4. Port security
5. Authorized IP Managers
6. Application features at higher levels in the OSI model, such as SSH.
(The above list does not address the mutually exclusive relationship that
exists among some security features.)
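
An added illustration (not from the HP manual): a simplified Python model that walks a frame through the port-based features in the order listed above and reports the first one that blocks it, which is the feature to check first when troubleshooting a dropped client. The class names, field names, and the one-line rule used for each feature are assumptions made for this sketch, not switch CLI syntax or firmware behavior.

```python
from dataclasses import dataclass, field

@dataclass
class SwitchConfig:
    """Hypothetical, simplified model of a switch's port-based security settings."""
    disabled_ports: set = field(default_factory=set)
    mac_lockout: set = field(default_factory=set)          # applies to all ports
    mac_lockdown: dict = field(default_factory=dict)       # MAC -> only port it may use
    port_security: dict = field(default_factory=dict)      # port -> authorized MACs
    authorized_managers: set = field(default_factory=set)  # empty = not configured

@dataclass
class Frame:
    port: str
    src_mac: str
    src_ip: str
    to_management: bool = False  # True when addressed to the switch's management interface

# Checks in the listed order; each simplified (assumed) rule returns True when it blocks.
PRECEDENCE = [
    ("Disabled/Enabled physical port", lambda c, f: f.port in c.disabled_ports),
    ("MAC lockout", lambda c, f: f.src_mac in c.mac_lockout),
    ("MAC lockdown", lambda c, f: c.mac_lockdown.get(f.src_mac, f.port) != f.port),
    ("Port security", lambda c, f: f.port in c.port_security
        and f.src_mac not in c.port_security[f.port]),
    ("Authorized IP Managers", lambda c, f: f.to_management
        and bool(c.authorized_managers) and f.src_ip not in c.authorized_managers),
]

def first_blocking_feature(cfg, frame):
    """Return the name of the first feature that blocks the frame, or None."""
    for name, blocks in PRECEDENCE:
        if blocks(cfg, frame):
            return name
    return None  # frame goes on to higher-level application features such as SSH

# Constructed sample configuration and frames (not taken from a real switch).
CFG = SwitchConfig(
    disabled_ports={"A3"},
    mac_lockout={"00:11:22:33:44:55"},
    mac_lockdown={"00:aa:bb:cc:dd:01": "A1"},
    port_security={"A2": {"00:aa:bb:cc:dd:02"}},
    authorized_managers={"10.0.0.5"},
)
SAMPLES = [
    Frame("A2", "00:11:22:33:44:55", "10.0.0.9"),        # locked-out MAC on a secured port
    Frame("A2", "00:aa:bb:cc:dd:01", "10.0.0.9"),        # locked-down MAC on the wrong port
    Frame("A2", "00:aa:bb:cc:dd:02", "10.0.0.9", True),  # allowed MAC, unlisted manager IP
    Frame("A2", "00:aa:bb:cc:dd:02", "10.0.0.5", True),  # passes every port-based check
]
```

The first two sample frames would also fail the port security check, but the model reports MAC lockout and MAC lockdown because those features sit earlier in the order.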

Precedence of Client-Based Authentication: Dynamic Configuration Arbiter

Starting in software release K.13.xx, the Dynamic Configuration Arbiter
(DCA) is implemented to determine the client-specific parameters that are
assigned in an authentication session.
A client-specific authentication configuration is bound to the MAC address of
a client device and may include the following parameters:
- Untagged client VLAN ID
- Tagged VLAN IDs
- Per-port CoS (802.1p) priority
- Per-port rate-limiting on inbound traffic
- Client-based ACLs