HP ProCurve 4100 Series Manuals

Manuals and User Guides for HP ProCurve 4100 Series. We have 2 HP ProCurve 4100 Series manuals available for free PDF download: Function Manual, Access Security Manual

HP ProCurve 4100 Series Function Manual

HP ProCurve 4100 Series Function Manual (306 pages)

Access Security Guide ProCurve 2600, 2600-PWR, 2800, 4100, 6108 Series  
Brand: HP | Category: Switch | Size: 2.18 MB
Table of contents
Access Security Guide1................................................................................................................................................................
Table Of Contents5................................................................................................................................................................
Product Documentation13................................................................................................................................................................
About Your Switch Manual Set13................................................................................................................................................................
Feature Index14................................................................................................................................................................
Contents17................................................................................................................................................................
Getting Started18................................................................................................................................................................
Introduction18................................................................................................................................................................
Overview Of Access Security Features18................................................................................................................................................................
Management Access Security Protection19................................................................................................................................................................
General Switch Traffic Security Guidelines20................................................................................................................................................................
Conventions21................................................................................................................................................................
Feature Descriptions By Model21................................................................................................................................................................
Command Syntax Statements21................................................................................................................................................................
Command Prompts22................................................................................................................................................................
Screen Simulations22................................................................................................................................................................
Port Identity Examples22................................................................................................................................................................
Sources For More Information23................................................................................................................................................................
Need Only A Quick Start24................................................................................................................................................................
Ip Addressing24................................................................................................................................................................
To Set Up And Install The Switch In Your Network25................................................................................................................................................................
Configuring Username And Password Security28................................................................................................................................................................
Overview28................................................................................................................................................................
Configuring Local Password Security30................................................................................................................................................................
Menu: Setting Passwords30................................................................................................................................................................
Cli: Setting Passwords And Usernames31................................................................................................................................................................
Web: Setting Passwords And Usernames32................................................................................................................................................................
Front-panel Security33................................................................................................................................................................
When Security Is Important33................................................................................................................................................................
Front-panel Button Functions34................................................................................................................................................................
Configuring Front-panel Security36................................................................................................................................................................
Password Recovery41................................................................................................................................................................
Password Recovery Process43................................................................................................................................................................
Web And Mac Authentication For The Series 2600/2600-pwr And 2800 Switches45................................................................................................................................................................
Client Options47................................................................................................................................................................
General Features48................................................................................................................................................................
How Web And Mac Authentication Operate49................................................................................................................................................................
Authenticator Operation49................................................................................................................................................................
Terminology53................................................................................................................................................................
Operating Rules And Notes54................................................................................................................................................................
General Setup Procedure For Web/mac Authentication56................................................................................................................................................................
Do These Steps Before You Configure Web/mac Authentication56................................................................................................................................................................
Additional Information For Configuring The Radius Server To Support Mac Authentication58................................................................................................................................................................
Configuring The Switch To Access A Radius Server59................................................................................................................................................................
Configuring Web Authentication61................................................................................................................................................................
Configure The Switch For Web-based Authentication62................................................................................................................................................................
Configuring Mac Authentication On The Switch66................................................................................................................................................................
Configure The Switch For Mac-based Authentication67................................................................................................................................................................
Show Status And Configuration Of Web-based Authentication70................................................................................................................................................................
Show Status And Configuration Of Mac-based Authentication71................................................................................................................................................................
Show Client Status73................................................................................................................................................................
Tacacs+ Authentication75................................................................................................................................................................
Terminology Used In Tacacs Applications77................................................................................................................................................................
General System Requirements79................................................................................................................................................................
General Authentication Setup Procedure79................................................................................................................................................................
Configuring Tacacs+ On The Switch82................................................................................................................................................................
Before You Begin82................................................................................................................................................................
Cli Commands Described In This Section83................................................................................................................................................................
Viewing The Switch's Current Authentication Configuration83................................................................................................................................................................
Viewing The Switch's Current Tacacs+ Server Contact Configuration84................................................................................................................................................................
Configuring The Switch's Authentication Methods85................................................................................................................................................................
Configuring The Switch's Tacacs+ Server Access89................................................................................................................................................................
How Authentication Operates94................................................................................................................................................................
General Authentication Process Using A Tacacs+ Server94................................................................................................................................................................
Local Authentication Process96................................................................................................................................................................
Using The Encryption Key97................................................................................................................................................................
Controlling Web Browser Interface Access When Using Tacacs+ Authentication98................................................................................................................................................................
Controlling Web Browser Interface Access When Using Tacacs98................................................................................................................................................................
Authentication98................................................................................................................................................................
Messages Related To Tacacs+ Operation99................................................................................................................................................................
Operating Notes99................................................................................................................................................................
Radius Authentication And Accounting101................................................................................................................................................................
Switch Operating Rules For Radius104................................................................................................................................................................
General Radius Setup Procedure105................................................................................................................................................................
Configuring The Switch For Radius Authentication106................................................................................................................................................................
Outline Of The Steps For Configuring Radius Authentication107................................................................................................................................................................
Configure Authentication For The Access Methods You Want Radius108................................................................................................................................................................
To Protect108................................................................................................................................................................
Configure Authentication For The Access Methods You Want108................................................................................................................................................................
Configure The Switch To Access A Radius Server110................................................................................................................................................................
Configure The Switch's Global Radius Parameters112................................................................................................................................................................
Controlling Web Browser Interface Access When Using Radius Authentication117................................................................................................................................................................
Configuring Radius Accounting117................................................................................................................................................................
Operating Rules For Radius Accounting119................................................................................................................................................................
Steps For Configuring Radius Accounting119................................................................................................................................................................
Reports To The Radius Server122................................................................................................................................................................
Viewing Radius Statistics125................................................................................................................................................................
General Radius Statistics125................................................................................................................................................................
Radius Authentication Statistics127................................................................................................................................................................
Radius Accounting Statistics128................................................................................................................................................................
Changing Radius-server Access Order129................................................................................................................................................................
Messages Related To Radius Operation131................................................................................................................................................................
Configuring Secure Shell (ssh)133................................................................................................................................................................
Prerequisite For Using Ssh137................................................................................................................................................................
Public Key Formats137................................................................................................................................................................
Steps For Configuring And Using Ssh For Switch And Client Authentication138................................................................................................................................................................
General Operating Rules And Notes140................................................................................................................................................................
Configuring The Switch For Ssh Operation141................................................................................................................................................................
Assign Local Login (operator) And Enable (manager) Password141................................................................................................................................................................
Generate The Switch's Public And Private Key Pair142................................................................................................................................................................
Provide The Switch's Public Key To Clients144................................................................................................................................................................
Enable Ssh On The Switch And Anticipate Ssh Client Contact Behavior147................................................................................................................................................................
Enable Ssh On The Switch And Anticipate Ssh Client147................................................................................................................................................................
Configure The Switch For Ssh Authentication150................................................................................................................................................................
Use An Ssh Client To Access The Switch153................................................................................................................................................................
Further Information On Ssh Client Public-key Authentication153................................................................................................................................................................
Messages Related To Ssh Operation159................................................................................................................................................................
Configuring Secure Socket Layer (ssl)161................................................................................................................................................................
Prerequisite For Using Ssl165................................................................................................................................................................
Steps For Configuring And Using Ssl For Switch And Client Authentication165................................................................................................................................................................
Configuring The Switch For Ssl Operation167................................................................................................................................................................
Generate The Switch's Server Host Certificate169................................................................................................................................................................
Comments On Certificate Fields171................................................................................................................................................................
Enable Ssl On The Switch And Anticipate Ssl Browser Contact177................................................................................................................................................................
Behavior181................................................................................................................................................................
Common Errors In Ssl Setup181................................................................................................................................................................
Configuring Port-based Access Control (802.1x)183................................................................................................................................................................
Why Use Port-based Access Control185................................................................................................................................................................
How 802.1x Operates188................................................................................................................................................................
Switch-port Supplicant Operation189................................................................................................................................................................
General Setup Procedure For Port-based Access Control (802.1x)194................................................................................................................................................................
Do These Steps Before You Configure 802.1x Operation194................................................................................................................................................................
Overview: Configuring 802.1x Authentication On The Switch195................................................................................................................................................................
Configuring Switch Ports As 802.1x Authenticators197................................................................................................................................................................
Enable 802.1x Authentication On Selected Ports197................................................................................................................................................................
Configure The 802.1x Authentication Method201................................................................................................................................................................
Enter The Radius Host Ip Address(es)202................................................................................................................................................................
Enable 802.1x Authentication On The Switch202................................................................................................................................................................
802.1x Open Vlan Mode203................................................................................................................................................................
Use Models For 802.1x Open Vlan Modes204................................................................................................................................................................
Operating Rules For Authorized-client And Unauthorized-client Vlans207................................................................................................................................................................
Setting Up And Configuring 802.1x Open Vlan Mode209................................................................................................................................................................
802.1x Open Vlan Operating Notes213................................................................................................................................................................
Option For Authenticator Ports: Configure Port-security To Allow Only 802.1x Devices214................................................................................................................................................................
Configuring Switch Ports To Operate As Supplicants For 802.1x Connections To Other Switches216................................................................................................................................................................
Displaying 802.1x Configuration, Statistics, And Counters220................................................................................................................................................................
Show Commands For Port-access Authenticator220................................................................................................................................................................
Viewing 802.1x Open Vlan Mode Status222................................................................................................................................................................
Show Commands For Port-access Supplicant225................................................................................................................................................................
How Radius/802.1x Authentication Affects Vlan Operation226................................................................................................................................................................
Messages Related To 802.1x Operation230................................................................................................................................................................
Configuring And Monitoring Port Security231................................................................................................................................................................
Basic Operation232................................................................................................................................................................
Blocking Unauthorized Traffic233................................................................................................................................................................
Trunk Group Exclusion234................................................................................................................................................................
Planning Port Security235................................................................................................................................................................
Port Security Command Options And Operation236................................................................................................................................................................
Retention Of Static Mac Addresses240................................................................................................................................................................
Displaying Current Port Security Settings240................................................................................................................................................................
Configuring Port Security242................................................................................................................................................................
Mac Lockdown247................................................................................................................................................................
Differences Between Mac Lockdown And Port Security249................................................................................................................................................................
Deploying Mac Lockdown251................................................................................................................................................................
Mac Lockout255................................................................................................................................................................
Port Security And Mac Lockout257................................................................................................................................................................
Ip Lockdown258................................................................................................................................................................
Web: Displaying And Configuring Port Security Features259................................................................................................................................................................
Reading Intrusion Alerts And Resetting Alert Flags259................................................................................................................................................................
Notice Of Security Violations259................................................................................................................................................................
How The Intrusion Log Operates260................................................................................................................................................................
Keeping The Intrusion Log Current By Resetting Alert Flags261................................................................................................................................................................
Using The Event Log To Find Intrusion Alerts266................................................................................................................................................................
Web: Checking For Intrusions, Listing Intrusion Alerts, And Resetting Alert Flags266................................................................................................................................................................
Operating Notes For Port Security267................................................................................................................................................................
Traffic/security Filters (procurve Series 2600/2600-pwr And 2800 Switches)270................................................................................................................................................................
Using Source-port Filters272................................................................................................................................................................
Operating Rules For Source-port Filters272................................................................................................................................................................
Configuring A Source-port Filter273................................................................................................................................................................
Viewing A Source-port Filter275................................................................................................................................................................
Filter Indexing276................................................................................................................................................................
Editing A Source-port Filter277................................................................................................................................................................
Using Named Source-port Filters278................................................................................................................................................................
Using Authorized Ip Managers288................................................................................................................................................................
Configuration Options289................................................................................................................................................................
Access Levels289................................................................................................................................................................
Defining Authorized Management Stations290................................................................................................................................................................
Overview Of Ip Mask Operation290................................................................................................................................................................
Menu: Viewing And Configuring Ip Authorized Managers291................................................................................................................................................................
Cli: Viewing And Configuring Authorized Ip Managers292................................................................................................................................................................
Configuring Ip Authorized Managers For The Switch293................................................................................................................................................................
Web: Configuring Ip Authorized Managers295................................................................................................................................................................
Building Ip Masks295................................................................................................................................................................
Configuring One Station Per Authorized Manager Ip Entry295................................................................................................................................................................
Configuring Multiple Stations Per Authorized Manager Ip Entry296................................................................................................................................................................
Additional Examples For Authorizing Multiple Stations297................................................................................................................................................................

Advertisement

HP ProCurve 4100 Series Access Security Manual

HP ProCurve 4100 Series Access Security Manual (241 pages)

Brand: HP | Category: Network Router | Size: 4.34 MB
Table of contents
Table Of Contents5................................................................................................................................................................
Contents13................................................................................................................................................................
Getting Started14................................................................................................................................................................
Introduction And Applicable Switches14................................................................................................................................................................
About The Feature Descriptions14................................................................................................................................................................
Overview Of Access Security Features15................................................................................................................................................................
Command Syntax Conventions17................................................................................................................................................................
Simulating Display Output17................................................................................................................................................................
Command Prompts17................................................................................................................................................................
Screen Simulations18................................................................................................................................................................
Port Identity Convention For Examples18................................................................................................................................................................
Related Publications18................................................................................................................................................................
Getting Documentation From The Web20................................................................................................................................................................
Sources For More Information21................................................................................................................................................................
Need Only A Quick Start22................................................................................................................................................................
To Set Up And Install The Switch In Your Network22................................................................................................................................................................
Configuring Username And Password Security24................................................................................................................................................................
Overview24................................................................................................................................................................
Configuring Local Password Security26................................................................................................................................................................
Menu: Setting Passwords26................................................................................................................................................................
Cli: Setting Passwords And Usernames27................................................................................................................................................................
Web: Setting Passwords And Usernames28................................................................................................................................................................
Tacacs+ Authentication29................................................................................................................................................................
Terminology Used In Tacacs Applications31................................................................................................................................................................
General System Requirements33................................................................................................................................................................
General Authentication Setup Procedure33................................................................................................................................................................
Configuring Tacacs+ On The Switch36................................................................................................................................................................
Beforeyou Begin36................................................................................................................................................................
Cli Commands Described In This Section37................................................................................................................................................................
Viewing The Switch's Current Authentication Configuration37................................................................................................................................................................
Viewing The Switch's Current Tacacs+ Server Contact38................................................................................................................................................................
Configuration38................................................................................................................................................................
Configuring The Switch's Authentication Methods39................................................................................................................................................................
Configuring The Switch's Tacacs+ Server Access43................................................................................................................................................................
How Authentication Operates48................................................................................................................................................................
General Authentication Process Using A Tacacs+ Server48................................................................................................................................................................
Local Authentication Process50................................................................................................................................................................
Using The Encryption Key51................................................................................................................................................................
Controlling Web Browser Interface Access When Using Tacacs+ Authentication52................................................................................................................................................................
Messages Related To Tacacs+ Operation53................................................................................................................................................................
Operating Notes53................................................................................................................................................................
Radius Authentication And Accounting55................................................................................................................................................................
Terminology57................................................................................................................................................................
Switch Operating Rules For Radius58................................................................................................................................................................
General Radius Setup Procedure59................................................................................................................................................................
Outline Of The Steps For Configuring Radius Authentication60................................................................................................................................................................
Configuring The Switch For Radius Authentication60................................................................................................................................................................
Configure Authentication For The Access Methods You Want62................................................................................................................................................................
Radius To Protect62................................................................................................................................................................
Configure The Switch To Access A Radius Server64................................................................................................................................................................
Configure The Switch's Global Radius Parameters66................................................................................................................................................................
Radius Authentication70................................................................................................................................................................
Controlling Web Browser Interface Access When Using Radius Authentication71................................................................................................................................................................
Configuring Radius Accounting72................................................................................................................................................................
Operating Rules For Radius Accounting73................................................................................................................................................................
Steps For Configuring Radius Accounting73................................................................................................................................................................
Viewing Radius Statistics79................................................................................................................................................................
General Radius Statistics79................................................................................................................................................................
Radius Authentication Statistics81................................................................................................................................................................
Radius Accounting Statistics82................................................................................................................................................................
Changing Radius-server Access Order83................................................................................................................................................................
Messages Related To Radius Operation85................................................................................................................................................................
Configuring Secure Shell (ssh)87................................................................................................................................................................
Prerequisite For Using Ssh91................................................................................................................................................................
Public Key Formats91................................................................................................................................................................
Steps For Configuring And Using Ssh For Switch And Client92................................................................................................................................................................
Authentication92................................................................................................................................................................
General Operating Rules And Notes94................................................................................................................................................................
Configuring The Switch For Ssh Operation95................................................................................................................................................................
Assigning A Local Login (operator) And Enable (manager)95................................................................................................................................................................
Password95................................................................................................................................................................
Generating The Switch's Public And Private Key Pair96................................................................................................................................................................
Providing The Switch's Public Key To Clients98................................................................................................................................................................
Enabling Ssh On The Switch And Anticipating Ssh Client101................................................................................................................................................................
Contact Behavior101................................................................................................................................................................
Configuring The Switch For Ssh Authentication104................................................................................................................................................................
Use An Ssh Client To Access The Switch107................................................................................................................................................................
Further Information On Ssh Client Public-key Authentication107................................................................................................................................................................
Messages Related To Ssh Operation113................................................................................................................................................................
Configuring Secure Socket Layer (ssl)116................................................................................................................................................................
Prerequisite For Using Ssl119................................................................................................................................................................
Steps For Configuring And Using Ssl For Switch And Client119................................................................................................................................................................
Configuring The Switch For Ssl Operation121................................................................................................................................................................
Generating The Switch's Server Host Certificate123................................................................................................................................................................
Enabling Ssl On The Switch And Anticipating Ssl Browser131................................................................................................................................................................
Common Errors In Ssl Setup135................................................................................................................................................................
Configuring Port-based Access Control (802.1x)137................................................................................................................................................................
Why Use Port-based Access Control138................................................................................................................................................................
General Features138................................................................................................................................................................
How 802.1x Operates141................................................................................................................................................................
Authenticator Operation141................................................................................................................................................................
Switch-port Supplicant Operation142................................................................................................................................................................
General Setup Procedure For Port-based Access Control147................................................................................................................................................................
(802.1x)147................................................................................................................................................................
Do These Steps Before You Configure 802.1x Operation147................................................................................................................................................................
Overview: Configuring 802.1x Authentication On The Switch148................................................................................................................................................................
Configuring Switch Ports As 802.1x Authenticators150................................................................................................................................................................
Enable 802.1x Authentication On Selected Ports150................................................................................................................................................................
Configure The 802.1x Authentication Method154................................................................................................................................................................
Enter The Radius Host Ip Address(es)155................................................................................................................................................................
Enable 802.1x Authentication On The Switch155................................................................................................................................................................
802.1x Open Vlan Mode156................................................................................................................................................................
Introduction156................................................................................................................................................................
Use Models For 802.1x Open Vlan Modes157................................................................................................................................................................
Operating Rules For Authorized-client And Unauthorized-client160................................................................................................................................................................
Vlans160................................................................................................................................................................
Setting Up And Configuring 802.1x Open Vlan Mode162................................................................................................................................................................
802.1x Open Vlan Operating Notes166................................................................................................................................................................
Option For Authenticator Ports: Configure Port-security To Allow Only 802.1x Devices167................................................................................................................................................................
Configuring Switch Ports To Operate As Supplicants For 802.1x Connections To Other Switches169................................................................................................................................................................
Displaying 802.1x Configuration, Statistics, And Counters173................................................................................................................................................................
Show Commands For Port-access Authenticator173................................................................................................................................................................
Viewing 802.1x Open Vlan Mode Status175................................................................................................................................................................
Show Commands For Port-access Supplicant178................................................................................................................................................................
How Radius/802.1x Authentication Affects Vlan Operation179................................................................................................................................................................
Messages Related To 802.1x Operation183................................................................................................................................................................
Configuring And Monitoring Port Security185................................................................................................................................................................
Basic Operation186................................................................................................................................................................
Blocking Unauthorized Traffic187................................................................................................................................................................
Trunk Group Exclusion188................................................................................................................................................................
Planning Port Security189................................................................................................................................................................
Port Security Command Options And Operation190................................................................................................................................................................
Retention Of Static Mac Addresses194................................................................................................................................................................
Displaying Current Port Security Settings194................................................................................................................................................................
Configuring Port Security196................................................................................................................................................................
Web: Displaying And Configuring Port Security Features201................................................................................................................................................................
Reading Intrusion Alerts And Resetting Alert Flags201................................................................................................................................................................
Notice Of Security Violations201................................................................................................................................................................
How The Intrusion Log Operates202................................................................................................................................................................
Keeping The Intrusion Log Current By Resetting Alert Flags203................................................................................................................................................................
Using The Event Log To Find Intrusion Alerts208................................................................................................................................................................
Web: Checking For Intrusions, Listing Intrusion Alerts, And208................................................................................................................................................................
Operating Notes For Port Security209................................................................................................................................................................
Traffic/security Filters (hp Procurve Switch 2824 And 2848)212................................................................................................................................................................
Using Source-port Filters214................................................................................................................................................................
Operating Rules For Source-port Filters214................................................................................................................................................................
Configuring A Source-port Filter215................................................................................................................................................................
Viewing A Source-port Filter217................................................................................................................................................................
Filter Indexing218................................................................................................................................................................
Editing A Source-port Filter219................................................................................................................................................................
Using Authorized Ip Managers222................................................................................................................................................................
Options223................................................................................................................................................................
Access Levels223................................................................................................................................................................
Defining Authorized Management Stations224................................................................................................................................................................
Overview Of Ip Mask Operation224................................................................................................................................................................
Menu: Viewing And Configuring Ip Authorized Managers225................................................................................................................................................................
Cli: Viewing And Configuring Authorized Ip Managers226................................................................................................................................................................
Web: Configuring Ip Authorized Managers228................................................................................................................................................................
Building Ip Masks229................................................................................................................................................................
Configuring One Station Per Authorized Manager Ip Entry229................................................................................................................................................................
Configuring Multiple Stations Per Authorized Manager Ip Entry230................................................................................................................................................................
Additional Examples For Authorizing Multiple Stations232................................................................................................................................................................

Share and save

Advertisement