HP ProCurve Series 3400cl Release Notes page 56

Enhancements
Release M.10.02 Enhancements
An ACL must be configured on the RADIUS server (instead of the switch) by creating and
assigning one or more Access Control Entries to the username/password pair or MAC
address of the client for which you want ACL support.
Where 802.1X is used for client authentication, either the client device must be running
802.1X supplicant software or the client must be able to download this software from the
network through the 802.1X Open VLAN mode available on the switch. (If authentication is
achieved through Web or MAC Authentication, 802.1X supplicant software is not required.)
A RADIUS-assigned ACL is a type of extended ACL that filters IP traffic inbound on a port from any
source (and, optionally, of any specific IP application or protocol type) to a single destination IP
address, a group of contiguous IP addresses, an IP subnet, or any IP destination.
This feature is designed to accept dynamic configuration of a RADIUS-based ACL on an individual
port on the network edge to filter traffic from an authenticated end-node client. Using RADIUS to
apply per-port ACLs to edge ports enables the switch to filter IP traffic coming from outside the
network, thus removing unwanted traffic as soon as possible and helping to improve system
performance. Also, applying RADIUS-assigned ACLs to ports on the network edge is likely to be less
complex than using ACLs in the network core to filter unwanted traffic that could have been filtered
at the edge.
This feature enhances network and switch management access security by permitting or denying
authenticated client access to specific network resources and to the switch management interface.
This includes preventing clients from using TCP or UDP applications (such as Telnet, SSH, Web
browser, and SNMP) if you do not want their access privileges to include these capabilities.
Note
A RADIUS-assigned ACL filters all inbound IP traffic from an authenticated client on a port, regardless
of whether the traffic is to be switched or routed.
ACLs enhance network security by blocking selected IP traffic, and can serve as one aspect of
network security. However, because ACLs do not protect from malicious manipulation of data carried
in IP packet transmissions, they should not be relied upon for a complete edge security solution.
The ACLs described in this section do not screen non-IP traffic such as AppleTalk and IPX.
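The filtering behavior described above can be modeled to audit an ACE list before it is assigned to a client on the RADIUS server, for example to confirm that the client cannot reach the switch management interface. The following Python is an added example, not HP's code and not the switch's or RADIUS server's ACL syntax; the `Ace` fields, the sample addresses, first-match ordering and the final implicit deny are assumptions.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

# Hypothetical model of one Access Control Entry (not the real ACE syntax).
# The source is always "any", as in a RADIUS-assigned ACL.
@dataclass(frozen=True)
class Ace:
    action: str                   # "permit" or "deny"
    dest: str = "any"             # "any", a single host IP, or a CIDR subnet
    proto: Optional[str] = None   # None = any IP protocol, else "tcp"/"udp"
    port: Optional[int] = None    # destination port, meaningful with tcp/udp

    def matches(self, dst_ip, proto, port):
        if self.dest != "any":
            if ipaddress.ip_address(dst_ip) not in ipaddress.ip_network(self.dest):
                return False
        if self.proto is not None and self.proto != proto:
            return False
        return self.port is None or self.port == port

def evaluate(acl, dst_ip, proto, port=None, is_ip=True):
    """Decide one inbound packet from the authenticated client."""
    if not is_ip:
        return "not-screened"     # non-IP traffic (AppleTalk, IPX) bypasses the ACL
    for ace in acl:               # assumption: the first matching entry wins
        if ace.matches(dst_ip, proto, port):
            return ace.action
    return "deny"                 # assumption: unmatched IP traffic is dropped

# Management services named in the text: Telnet, SSH, Web browser, SNMP.
MGMT = [("tcp", 23), ("tcp", 22), ("tcp", 80), ("udp", 161)]

def mgmt_exposure(acl, switch_ip):
    """Return the management services on switch_ip that the ACL still permits."""
    return [(p, n) for p, n in MGMT if evaluate(acl, switch_ip, p, n) == "permit"]

# Constructed sample data: switch management address and two candidate ACLs.
SWITCH = "10.0.0.1"
LOOSE = [Ace("permit", "10.0.0.0/16")]       # broad subnet permit covers the switch
TIGHT = [Ace("deny", SWITCH),                # block the management address first
         Ace("permit", "10.0.8.0/24"),       # server subnet
         Ace("permit", "any", "udp", 53)]    # DNS to any destination

if __name__ == "__main__":
    print("LOOSE exposes:", mgmt_exposure(LOOSE, SWITCH))
    print("TIGHT exposes:", mgmt_exposure(TIGHT, SWITCH))
```
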
Table 4 highlights several key differences between the static ACLs configurable on 3400cl switch
ports and the dynamic ACLs that can be assigned to individual ports by a RADIUS server. (The switch
supports either one RADIUS-based ACL or one port-based ACL at a time on a given port. It does not
support having both ACL types on the same port at the same time.)