ProCurve ProCurve Switch 2900-24G Manuals
Manuals and User Guides for ProCurve ProCurve Switch 2900-24G. We have 1 ProCurve ProCurve Switch 2900-24G manual available for free PDF download: Manual
ProCurve ProCurve Switch 2900-24G Manual (432 pages)
Brand: ProCurve | Category: Switch | Size: 3.63 MB
Table of Contents
Table of Contents
5
Product Documentation
17
About Your Switch Manual Set
17
Feature Index
18
Security Overview
23
Contents
23
Introduction
25
About this Guide
25
Switch Access Security
25
For more Information
25
Default Configuration Settings and Access Security
26
Local Manager Password
26
Inbound Telnet Access and Web Browser Access
26
SNMP Access (Simple Network Management Protocol)
27
Front-Panel Access and Physical Security
28
Secure File Transfers
28
TACACS+ Authentication
29
RADIUS Authentication
29
Secure Management VLAN
29
Authorized IP Managers
29
Other Provisions for Management Access Security
29
Network Security Features
30
802.1X Access Control
30
Web and MAC Authentication
30
Secure Shell (SSH)
31
Secure Socket Layer (SSLv3/TLSv1)
31
Traffic/Security Filters
31
Port Security, MAC Lockdown, and MAC Lockout
32
Identity-Driven Manager (IDM)
33
Key Management System (KMS)
33
Dynamic Configuration Arbiter
34
Network Immunity Manager
35
Arbitrating Client-Specific Attributes
36
Configuring Username and Password Security
39
Contents
39
Overview
41
Configuring Local Password Security
44
Menu: Setting Passwords
44
CLI: Setting Passwords and Usernames
46
Web: Setting Passwords and Usernames
47
Benefits of Saving Security Credentials
48
Saving Security Credentials in a Config File
48
Enabling the Storage and Display of Security Credentials
49
Security Settings that Can be Saved
50
Local Manager and Operator Passwords
50
Password Command Options
51
SNMP Security Credentials
52
802.1X Port-Access Credentials
52
TACACS+ Encryption Key Authentication
53
RADIUS Shared-Secret Key Authentication
54
SSH Client Public-Key Authentication
54
Operating Notes
57
Restrictions
59
Front-Panel Security
61
When Security Is Important
61
Front-Panel Button Functions
62
Clear Button
62
Reset Button
63
Restoring the Factory Default Configuration
63
Configuring Front-Panel Security
64
Disabling the Clear Password Function of the Clear Button on the Switch's Front Panel
67
Re-Enabling the Clear Button on the Switch's Front Panel and Setting or Changing the "Reset-On-Clear" Operation
68
Changing the Operation of the Reset+Clear Combination
69
Password Recovery
70
Disabling or Re-Enabling the Password Recovery Process
70
Password Recovery Process
72
Web and MAC Authentication
73
Contents
73
Overview
75
Web Authentication
75
MAC Authentication
76
Authorized and Unauthorized Client VLANs
76
RADIUS-Based Authentication
77
Wireless Clients
77
How Web and MAC Authentication Operate
78
Web-Based Authentication
78
Customized Login Web Pages
81
MAC-Based Authentication
81
Terminology
83
Operating Rules and Notes
84
Setup Procedure for Web/MAC Authentication
86
Before You Configure Web/MAC Authentication
86
Configuring the RADIUS Server to Support MAC Authentication
89
Using Customized Login Web Pages for Enhanced Web Authentication
89
Configuring a DNS Server for Enhanced Web Authentication
100
Configuring the Switch to Access a RADIUS Server
100
Configuring Web Authentication
102
Overview
102
Configuration Commands for Web Authentication
104
Show Commands for Web Authentication
111
Configuring MAC Authentication on the Switch
117
Overview
117
Configuration Commands for MAC Authentication
118
Show Commands for MAC-Based Authentication
121
Client Status
126
TACACS+ Authentication
127
Contents
127
Overview
128
Terminology Used in TACACS Applications
129
General System Requirements
131
General Authentication Setup Procedure
131
Configuring TACACS+ on the Switch
134
Before You Begin
134
CLI Commands Described in this Section
135
Viewing the Switch's Current Authentication Configuration
135
Viewing the Switch's Current TACACS+ Server Contact Configuration
136
Configuring the Switch's Authentication Methods
136
Using the Privilege-Mode Option for Login
137
Authentication Parameters
138
Configuring the TACACS+ Server for Single Login
139
Configuring the Switch's TACACS+ Server Access
144
How Authentication Operates
150
General Authentication Process Using a TACACS+ Server
150
Local Authentication Process
151
Using the Encryption Key
152
General Operation
152
Encryption Options in the Switch
153
Controlling Web Browser Interface Access When Using TACACS+ Authentication
154
Messages Related to TACACS+ Operation
154
Operating Notes
155
RADIUS Authentication and Accounting
159
Overview
159
Authentication Services
159
RADIUS-Administered CoS
160
Accounting Services
160
Terminology
161
Switch Operating Rules for RADIUS
162
General RADIUS Setup Procedure
163
Configuring the Switch for RADIUS Authentication
164
Outline of the Steps for Configuring RADIUS Authentication
165
Configure Authentication for the Access Methods You Want RADIUS to Protect
166
Enable the (Optional) Access Privilege Option
169
Configure the Switch to Access a RADIUS Server
170
Configure the Switch's Global RADIUS Parameters
173
Local Authentication Process
177
Controlling Web Browser Interface Access
178
Commands Authorization
179
Enabling Authorization
180
Displaying Authorization Information
181
Configuring Commands Authorization on a RADIUS Server
181
Using Vendor Specific Attributes (VSAs)
181
Example Configuration on Cisco Secure ACS for MS Windows
183
Example Configuration Using FreeRADIUS
185
VLAN Assignment in an Authentication Session
187
Tagged and Untagged VLAN Attributes
188
Additional RADIUS Attributes
189
Configuring RADIUS Accounting
190
Operating Rules for RADIUS Accounting
191
Steps for Configuring RADIUS Accounting
192
Configure the Switch to Access a RADIUS Server
193
Configure Accounting Types and the Controls for Sending Reports to the RADIUS Server
194
(Optional) Configure Session Blocking and Interim Updating Options
196
Viewing RADIUS Statistics
198
General RADIUS Statistics
198
RADIUS Authentication Statistics
200
RADIUS Accounting Statistics
201
Changing RADIUS-Server Access Order
202
Messages Related to RADIUS Operation
205
Configuring Secure Shell (SSH)
208
Overview
208
Terminology
209
Prerequisite for Using SSH
211
Public Key Formats
211
Steps for Configuring and Using SSH for Switch and Client Authentication
212
General Operating Rules and Notes
214
Configuring the Switch for SSH Operation
215
Assigning a Local Login (Operator) and Enable (Manager) Password
215
Generating the Switch's Public and Private Key Pair
216
Providing the Switch's Public Key to Clients
219
Enabling SSH on the Switch and Anticipating SSH Client Contact Behavior
221
Configuring the Switch for SSH Authentication
224
Use an SSH Client to Access the Switch
228
Further Information on SSH Client Public-Key Authentication
228
Messages Related to SSH Operation
234
Configuring Secure Socket Layer (SSL)
238
Overview
238
Terminology
239
Prerequisite for Using SSL
241
Steps for Configuring and Using SSL for Switch and Client Authentication
241
General Operating Rules and Notes
242
Configuring the Switch for SSL Operation
243
Assigning a Local Login (Operator) and Enable (Manager) Password
243
Generating the Switch's Server Host Certificate
244
To Generate or Erase the Switch's Server Certificate with the CLI
245
Comments on Certificate Fields
246
Generate a Self-Signed Host Certificate with the Web Browser Interface
248
Generate a CA-Signed Server Host Certificate with the Web Browser Interface
251
Enabling SSL on the Switch and Anticipating SSL Browser Contact Behavior
253
Using the CLI Interface to Enable SSL
255
Using the Web Browser Interface to Enable SSL
255
Common Errors in SSL Setup
257
Introduction
260
Overview
260
Traffic/Security Filters and Monitors
260
Filter Limits
261
Using Port Trunks with Filters
261
Filter Types and Operation
261
Source-Port Filters
262
Operating Rules for Source-Port Filters
262
Example
263
Named Source-Port Filters
264
Operating Rules for Named Source-Port Filters
264
Defining and Configuring Named Source-Port Filters
265
Viewing a Named Source-Port Filter
267
Using Named Source-Port Filters
267
Static Multicast Filters
273
Protocol Filters
274
Configuring Traffic/Security Filters
275
Configuring a Source-Port Traffic Filter
276
Example of Creating a Source-Port Filter
277
Configuring a Filter on a Port Trunk
277
Editing a Source-Port Filter
278
Configuring a Multicast or Protocol Traffic Filter
279
Filter Indexing
280
Displaying Traffic/Security Filters
281
Configuring Port-Based and User-Based Access Control (802.1X)
283
Contents
283
Overview
286
Why Use Port-Based or User-Based Access Control
286
General Features
286
User Authentication Methods
287
802.1X User-Based Access Control
287
802.1X Port-Based Access Control
288
Terminology
289
Alternative to Using a RADIUS Server
289
Accounting
289
General 802.1X Authenticator Operation
292
Example of the Authentication Process
292
VLAN Membership Priority
293
General Operating Rules and Notes
295
General Setup Procedure for 802.1X Access Control
297
Do These Steps before You Configure 802.1X Operation
297
Overview: Configuring 802.1X Authentication on the Switch
300
Configuring Switch Ports as 802.1X Authenticators
301
Enable 802.1X Authentication on Selected Ports
302
Enable the Selected Ports as Authenticators and Enable the (Default) Port-Based Authentication
302
Specify User-Based Authentication or Return to Port-Based Authentication
303
Example: Configuring User-Based 802.1X Authentication
304
Example: Configuring Port-Based 802.1X Authentication
304
Reconfigure Settings for Port-Access
304
Configure the 802.1X Authentication Method
308
Enter the RADIUS Host IP Address(es)
309
Enable 802.1X Authentication on the Switch
309
Optional: Configure 802.1X Controlled Directions
310
Optional: Reset Authenticator Operation
310
Wake-On-LAN Traffic
311
Operating Notes
311
Example: Configuring 802.1X Controlled Directions
312
802.1X Open VLAN Mode
313
Introduction
313
VLAN Membership Priorities
314
Use Models for 802.1X Open VLAN Modes
315
Operating Rules for Authorized-Client and Unauthorized-Client VLANs
320
Setting up and Configuring 802.1X Open VLAN Mode
324
802.1X Open VLAN Operating Notes
328
Option for Authenticator Ports: Configure Port-Security to Allow Only 802.1X-Authenticated Devices
329
Port-Security
330
Configuring Switch Ports to Operate as Supplicants for 802.1X Connections to Other Switches
331
Example
331
Supplicant Port Configuration
333
Displaying 802.1X Configuration, Statistics, and Counters
335
Show Commands for Port-Access Authenticator
335
Viewing 802.1X Open VLAN Mode Status
344
Show Commands for Port-Access Supplicant
346
How RADIUS/802.1X Authentication Affects VLAN Operation
347
VLAN Assignment on a Port
348
Operating Notes
348
Example of Untagged VLAN Assignment in a RADIUS-Based Authentication Session
350
Enabling the Use of GVRP-Learned Dynamic VLANs in Authentication Sessions
353
Operating Note
355
Messages Related to 802.1X Operation
356
Configuring and Monitoring Port Security
357
Contents
357
Overview
359
Port Security
360
Basic Operation
360
Eavesdrop Protection
361
Blocking Unauthorized Traffic
361
Trunk Group Exclusion
362
Planning Port Security
363
Port Security Command Options and Operation
364
Port Security Display Options
364
Configuring Port Security
368
Retention of Static Addresses
372
MAC Lockdown
378
Differences between MAC Lockdown and Port Security
379
MAC Lockdown Operating Notes
380
Deploying MAC Lockdown
381
MAC Lockout
385
Port Security and MAC Lockout
387
Web: Displaying and Configuring Port Security Features
388
Reading Intrusion Alerts and Resetting Alert Flags
388
Notice of Security Violations
388
How the Intrusion Log Operates
389
Keeping the Intrusion Log Current by Resetting Alert Flags
390
Menu: Checking for Intrusions, Listing Intrusion Alerts, and Resetting Alert Flags
391
CLI: Checking for Intrusions, Listing Intrusion Alerts, and Resetting Alert Flags
392
Using the Event Log to Find Intrusion Alerts
394
Web: Checking for Intrusions, Listing Intrusion Alerts, and Resetting Alert Flags
395
Operating Notes for Port Security
396
Using Authorized IP Managers
400
Overview
400
Options
401
Access Levels
401
Defining Authorized Management Stations
402
Overview of IP Mask Operation
402
Menu: Viewing and Configuring IP Authorized Managers
403
Listing the Switch's Current Authorized IP Manager(s)
404
CLI: Viewing and Configuring Authorized IP Managers
404
Configuring IP Authorized Managers for the Switch
405
Web: Configuring IP Authorized Managers
407
Web Proxy Servers
407
How to Eliminate the Web Proxy Server
407
Configuring One Station Per Authorized Manager IP Entry
408
Building IP Masks
408
Web-Based Help
408
Using a Web Proxy Server to Access the Web Browser Interface
408
Configuring Multiple Stations Per Authorized Manager IP Entry
409
Additional Examples for Authorizing Multiple Stations
411
Operating Notes
411
Key Management System
414
Overview
414
Terminology
414
Configuring Key Chain Management
415
Creating and Deleting Key Chain Entries
415
Assigning a Time-Independent Key to a Chain
416
Assigning Time-Dependent Keys to a Chain
417
Index
421