Installation and Getting Started Guide
You can further secure CLI access to the switch or routing switch by configuring the device to consult a Remote
Authentication Dial In User Service (RADIUS) server to authenticate user names and passwords. The software supports
authentication, authorization, and accounting (AAA). See "Configuring RADIUS Security" on page 3-31.
Access Control Lists (ACLs)
Access control lists (ACLs) enable you to permit or deny packets based on source and destination IP address,
IP protocol information, or TCP or UDP protocol information. You can configure the following types of ACLs:
Standard – Permits or denies packets based on source IP address. ACL IDs 1 – 99 are for standard ACLs.
Extended – Permits or denies packets based on source and destination IP address and also based on IP
protocol information. ACL IDs 100 – 199 are for extended ACLs.
In addition, you can use ACLs to control CLI and Web access to the device. You also can use ACLs for Policy-
Based Routing (PBR).
See the "Using Access Control Lists (ACLs)" chapter in the Advanced Configuration and Management Guide.
Protection Against Denial of Service Attacks
In a Denial of Service (DoS) attack, a router is flooded with useless packets, hindering normal operation. HP
devices include measures for defending against the following common types of DoS attacks:
Smurf attacks – A Smurf attack is a kind of DoS attack where an attacker causes a victim to be flooded with
ICMP echo (Ping) replies sent from another network.
TCP SYN attacks – TCP SYN attacks exploit the process of how TCP connections are established in order to
disrupt normal traffic flow. When a TCP connection starts, the connecting host first sends a TCP SYN packet
to the destination host. The destination host responds with a SYN ACK packet, and the connecting host
sends back an ACK packet. This process, known as a "TCP three-way handshake", establishes the TCP
See "Protecting Against Denial of Service Attacks" on page B-1.
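Added example (not from the HP guide or HP software): a Python check that replays packet records through the three-way handshake described above and reports handshakes that stopped after the SYN ACK, which is the condition a TCP SYN attack leaves on the destination host. The record layout, function names, timeout and threshold are assumptions, and the sample records are constructed.

```python
from collections import Counter

# Constructed sample records (time_s, src, sport, dst, dport, flags); not real traffic.
PACKETS = [
    (0.00, "192.0.2.10", 40001, "198.51.100.5", 80, "SYN"),
    (0.01, "198.51.100.5", 80, "192.0.2.10", 40001, "SYN-ACK"),
    (0.02, "192.0.2.10", 40001, "198.51.100.5", 80, "ACK"),
]
# Three handshakes toward the same server that stop after the SYN ACK.
for i in range(3):
    PACKETS.append((1.0 + i, "203.0.113.7", 50000 + i, "198.51.100.5", 80, "SYN"))
    PACKETS.append((1.0 + i + 0.01, "198.51.100.5", 80, "203.0.113.7", 50000 + i, "SYN-ACK"))


def incomplete_handshakes(packets, now, timeout=5.0):
    """Return connections whose SYN ACK was sent but not acknowledged within timeout."""
    pending = {}  # (client, cport, server, sport) -> [state, time of SYN]
    for t, src, sport, dst, dport, flags in sorted(packets):
        if flags == "SYN":
            pending[(src, sport, dst, dport)] = ["SYN", t]
        elif flags == "SYN-ACK":
            # The reply travels server -> client, so the key is reversed.
            entry = pending.get((dst, dport, src, sport))
            if entry and entry[0] == "SYN":
                entry[0] = "SYN-ACK"
        elif flags == "ACK":
            key = (src, sport, dst, dport)
            if key in pending and pending[key][0] == "SYN-ACK":
                del pending[key]  # three-way handshake finished
    return sorted(k for k, (state, t) in pending.items()
                  if state == "SYN-ACK" and now - t > timeout)


def servers_over_threshold(packets, now, threshold=3, timeout=5.0):
    """Count stalled handshakes per server and keep those at or above threshold."""
    stalled = incomplete_handshakes(packets, now, timeout)
    counts = Counter(server for _, _, server, _ in stalled)
    return {srv: n for srv, n in counts.items() if n >= threshold}
```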
Dynamic configuration enables you to make configuration changes without rebooting the system. Many of the
configuration changes you can make to HP switches and routing switches do not require a reboot and take effect
immediately. You can make the changes without causing network outages. The individual configuration chapters
describing each feature area (chapters 7 – 18) list the parameters that can be dynamically changed.
When you upgrade the software image on an HP switch or routing switch, you do not need to power down the
system to use the new software. You can boot the new software immediately from the primary flash, secondary
flash, a TFTP server, or a BootP server.
You also can use this feature to test new versions of flash code before replacing the previous flash image.
For more details on the boot commands and on copying software to and from HP switches and routing switches,
refer to "Updating Software Images and Configuration Files" on page 6-1.
Scheduled System Reload
Although the dynamic configuration feature (see "Dynamic Configuration" on page 7-10) allows many parameter
changes to take effect immediately without a system reset, other parameters do require a system reset.
To place these parameters into effect, you must save the configuration changes to the configuration file, then
reload the system. The management interfaces provide an option to immediately reset the system. Alternatively,
you can use the scheduled system reload feature to configure the system to reload its flash code at a specific time
(based on the system clock or SNTP time) or after a specific amount of time has passed.