1-17
Security Overview
Precedence of Security Options
DCA allows client-specific parameters configured in any of the following ways
to be applied and removed as needed in a specified hierarchy of precedence.
When multiple values for an individual configuration parameter exist, the
value applied to a client session is determined in the following order (from
highest to lowest priority) in which a value configured with a higher priority
overrides a value configured with a lower priority:
1. Attribute profiles applied through the Network Immunity network-man-
agement application using SNMP (see “Network Immunity Manager”)
2. 802.1X authentication parameters (RADIUS-assigned)
3. Web- or MAC-authentication parameters (RADIUS-assigned)
4. Local, statically-configured parameters
Although RADIUS-assigned settings are never applied to ports for non-
authenticated clients, the Dynamic Configuration Arbiter allows you to
configure and assign client-specific port configurations to non-authenticated
clients, provided that a client’s MAC address is known in the switch in the
forwarding database. DCA arbitrates the assignment of attributes on both
authenticated and non-authenticated ports.
DCA does not support the arbitration and assignment of client-specific
attributes on trunk ports.
Network Immunity Manager
Network Immunity Manager (NIM) is a plug-in to HP E-PCM Plus and a key
component of the HP Network Immunity security solution that provides
comprehensive detection and per-port-response to malicious traffic at the HP
network edge. NIM allows you to apply policy-based actions to minimize the
negative impact of a client’s behavior on the network. For example, using NIM
you can apply a client-specific profile that adds or modifies per-port rate-
limiting and VLAN ID assignments.
Note NIM actions only support the configuration of per-port rate-limiting and VLAN
ID assignment; NIM does not support CoS (802.1p) priority assignment and
ACL configuration.
NIM-applied parameters temporarily override RADIUS-configured and locally
configured parameters in an authentication session. When the NIM-applied
action is removed, the previously applied client-specific parameter (locally
configured or RADIUS-assigned) is re-applied unless there have been other
configuration changes to the parameter. In this way, NIM allows you to
minimize network problems without manual intervention.
To Next Page
Loading...
Need help?
General