HP 3500yl Series User Manual

Overview of switch's access security features, authentication protocols, and methods, with configuration guidelines.

Outlines features and defense mechanisms for protecting access through the switch to the network.

Recommends enforcing a security policy to ensure ease of getting started is not exploited by unauthorized persons.

Explains console access levels (Manager and Operator) and password configuration.

Details setting passwords for Manager and Operator levels via menu, CLI, or WebAgent.

Describes storing and viewing security settings (passwords, keys) in the running-config file.

Explains front-panel security features for clearing passwords or restoring factory defaults.

Explains how connection-rate filtering helps protect the network from worm-like malicious code.

Provides guidance on enabling connection-rate filtering and configuring responses to high connection-rate traffic.

Describes port-based security measures for protecting private networks and the switch from unauthorized access.

Outlines steps to configure Web Authentication using a RADIUS server.

Details the process of configuring MAC Authentication on the switch.

Explains how to create customized login web pages to improve the look and feel of Web Authentication.

Explains how TACACS+ authentication enables the use of a central server to allow or deny access.

Defines key terms related to TACACS+ operations, such as NAS, TACACS+ Server, and Authentication.

Provides steps for configuring the switch to support TACACS+ operation.

Explains how RADIUS enables the use of servers to maintain separate authentication and accounting.

Describes how to configure the switch to interact with a RADIUS server for authentication.

Provides guidelines for configuring RADIUS servers to dynamically apply CoS and rate-limiting features.

Describes how to apply RADIUS-assigned ACLs on the switch and assumes a general understanding of ACL structure.

Explains how SSHv2 provides secure remote access via encrypted paths.

Outlines general steps for configuring SSH for two-way authentication between the switch and an SSH client.

Describes commands used to configure the switch for SSH operation.

Explains how SSLv3 and TLSv1 provide remote web access via encrypted paths.

Details the general steps for configuring SSL for switch and client authentication.

Describes CLI commands for generating certificates and enabling SSL.

Defines ACLs and ACEs, and describes how to configure, apply, and edit static IPv4 ACLs.

Explains static ACL applications (RACL, VACL, Static Port ACL) and dynamic RADIUS-assigned ACLs.

Provides a summary of commands for creating, editing, and deleting standard IPv4 ACLs.

Provides a summary of commands for creating, editing, and deleting extended IPv4 ACLs.

Describes software features providing advanced threat protection against attacks.

Explains how DHCP snooping protects the network from common DHCP attacks.

Details how dynamic ARP protection protects the network from ARP cache poisoning attacks.

Explains how dynamic IP lockdown prevents IP source address spoofing on a per-port and per-VLAN basis.

Explains why port-based or user-based access control is used and its general features.

Details the two methods for using 802.1X access control: Port-Based and User-Based.

Outlines steps to configure switch ports to operate as 802.1X authenticators.

Outlines features and defense mechanisms for protecting access through the switch to the network.

Details how to configure each switch port with a unique list of MAC addresses of authorized devices.

Explains static addressing used to prevent station movement and MAC address hijacking.

Details how to block a specific MAC address to drop all traffic to or from it.

Explains how the Authorized IP Managers feature uses IP addresses and masks to determine station access.

Details how to authorize single stations or groups of stations for IP access.

Provides latest documentation information and lists electronic publications.

Lists available publications in PDF format on the HP Networking web site.