HP ProCurve 5412ZL Access Security Guide
390 pages
Access Security Guide
ProCurve Switches 6200yl, 5400zl, 3500yl
K.11.XX
www.procurve.com
Table of Contents
Product Documentation
About Your Switch Manual Set
Feature Index
Getting Started
Contents
Introduction
Conventions
Feature Descriptions by Model
Command Syntax Statements
Command Prompts
Screen Simulations
Port Identity Examples
Configuration and Operation Examples
Keys
Sources for More Information
Getting Documentation from the Web
Online Help
Need Only a Quick Start
IP Addressing
To Set Up and Install the Switch in Your Network
Physical Installation
Premium Edge Switch Features
Overview of Access Security Features
General Switch Traffic Security Guideline
Applications for Access Control Lists (ACLs)
Configuring Username and Password Security
Contents
Overview
Configuring Local Password Security
Menu: Setting Passwords
CLI: Setting Passwords and Usernames
Front-Panel Security
Web: Setting Passwords and Usernames
When Security Is Important
Clear Button
Front-Panel Button Functions
Reset Button
Restoring the Factory Default Configuration
Configuring Front-Panel Security
Disabling the Clear Password Function of the Clear Button on the Switch's Front Panel
Re-Enabling the Clear Button on the Switch's Front Panel and Setting or Changing the "Reset-On-Clear" Operation
Changing the Operation of the Reset+Clear Combination
Disabling or Re-Enabling the Password Recovery Process
Password Recovery
Password Recovery Process
Virus Throttling
Contents
Introduction
Filtering Options
General Operation of Connection-Rate Filtering
Application Options
Sensitivity to Connection Rate Detection
Terminology
Operating Rules
For a Network that Is Relatively Attack-Free
General Configuration Guidelines
For a Network that Appears to be under Significant Attack
Basic Connection-Rate Filtering Configuration
Global and Per-Port Configuration
Enabling Connection-Rate Filtering and Configuring Sensitivity
Configuring the Per-Port Filtering Mode
Example of a Basic Connection-Rate Filtering Configuration
Viewing and Managing Connection-Rate Status
Viewing the Connection-Rate Configuration
Listing and Unblocking the Currently-Blocked Hosts
Configuring and Applying Connection-Rate ACLs
Connection-Rate ACL Operation
Configuring a Connection-Rate ACL Using Source IP Address Criteria
Configuring a Connection-Rate ACL Using UDP/TCP Criteria
Applying Connection-Rate ACLs
Using CIDR Notation to Enter the ACE Mask
Example of Using an ACL in a Connection-Rate Configuration
Operating Notes
Connection-Rate Log and Trap Messages
Web and MAC Authentication
Contents
Overview
Client Options
General Features
Authenticator Operation
How Web and MAC Authentication Operate
Web-Based Authentication
MAC-Based Authentication
Terminology
Operating Rules and Notes
Do These Steps Before You Configure Web/MAC Authentication
General Setup Procedure for Web/MAC Authentication
Additional Information for Configuring the RADIUS Server to Support MAC Authentication
Configuring the Switch to Access a RADIUS Server
Configuring Web Authentication on the Switch
Overview
Configure the Switch for Web-Based Authentication
Configuring MAC Authentication on the Switch
Overview
Configure the Switch for MAC-Based Authentication
Show Status and Configuration of Web-Based Authentication
Show Status and Configuration of MAC-Based Authentication
Client Status
TACACS+ Authentication
Contents
Overview
Terminology Used in TACACS Applications
General System Requirements
General Authentication Setup Procedure
Before You Begin
Configuring TACACS+ on the Switch
CLI Commands Described in this Section
Viewing the Switch's Current Authentication Configuration
Viewing the Switch's Current TACACS+ Server Contact Configuration
Configuring the Switch's Authentication Methods
Configuring the Switch's TACACS+ Server Access
General Authentication Process Using a TACACS+ Server
How Authentication Operates
Local Authentication Process
Encryption Options in the Switch
General Operation
Using the Encryption Key
Controlling Web Browser Interface Access When Using TACACS+ Authentication
Messages Related to TACACS+ Operation
Operating Notes
Table of Contents
Authentication Services
Overview
Accounting Services
RADIUS-Administered CoS and Rate-Limiting
Terminology
Switch Operating Rules for RADIUS
General RADIUS Setup Procedure
Configuring the Switch for RADIUS Authentication
Outline of the Steps for Configuring RADIUS Authentication
Configure Authentication for the Access Methods You Want RADIUS to Protect
Enable the (Optional) Access Privilege Option
Configure the Switch to Access a RADIUS Server
Configure the Switch's Global RADIUS Parameters
Local Authentication Process
Controlling Web Browser Interface Access
Configuring RADIUS Accounting
Operating Rules for RADIUS Accounting
Configure the Switch to Access a RADIUS Server
Steps for Configuring RADIUS Accounting
Configure Accounting Types and the Controls for Sending Reports to the RADIUS Server
(Optional) Configure Session Blocking and Interim Updating Options
RADIUS Authentication Statistics
Viewing RADIUS Statistics
Table of Contents
Overview
Terminology
Prerequisite for Using SSH
Public Key Formats
Steps for Configuring and Using SSH for Switch and Client Authentication
General Operating Rules and Notes
Assigning a Local Login (Operator) and
Generating the Switch's Public and Private Key Pair
Providing the Switch's Public Key to Clients
Enabling SSH on the Switch and Anticipating SSH Client Contact Behavior
Configuring the Switch for SSH Authentication
Use an SSH Client to Access the Switch
Further Information on SSH Client Public-Key Authentication
Messages Related to SSH Operation
Table of Contents
Overview
Terminology
Prerequisite for Using SSL
Steps for Configuring and Using SSL for Switch and Client
General Operating Rules and Notes
Assigning a Local Login (Operator) and Enable (Manager) Password
Configuring the Switch for SSL Operation
Generating the Switch's Server Host Certificate
To Generate or Erase the Switch's Server Certificate with the CLI
Comments on Certificate Fields
Generate a Self-Signed Host Certificate with the Web Browser Interface
Generate a CA-Signed Server Host Certificate with the Web Browser Interface
Enabling SSL on the Switch and Anticipating SSL Browser Contact Behavior
Using the CLI Interface to Enable SSL
Using the Web Browser Interface to Enable SSL
Common Errors in SSL Setup
Table of Contents
Introduction
Overview
Filter Limits
Filter Types and Operation
Using Port Trunks with Filters
Operating Rules for Source-Port Filters
Source-Port Filters
Named Source-Port Filters
Operating Rules for Named Source-Port Filters
Defining and Configuring Named Source-Port Filters
Viewing a Named Source-Port Filter
Static Multicast Filters
Protocol Filters
Configuring Traffic/Security Filters
Configuring a Source-Port Traffic Filter
Configuring a Filter on a Port Trunk
Example of Creating a Source-Port Filter
Editing a Source-Port Filter
Configuring a Multicast or Protocol Traffic Filter
Filter Indexing
Displaying Traffic/Security Filters
Table of Contents
General Features
Overview
Why Use Port-Based or Client-Based Access Control
802.1X Client-Based Access Control
User Authentication Methods
802.1X Port-Based Access Control
Accounting
Alternative to Using a RADIUS Server
Example of the Authentication Process
General 802.1X Authenticator Operation
VLAN Membership Priority
General Operating Rules and Notes
Do These Steps Before You Configure 802.1X Operation
General Setup Procedure for 802.1X Access Control
Overview: Configuring 802.1X Authentication on the Switch
Enable 802.1X Authentication on Selected Ports
Enable the Selected Ports as Authenticators and Enable the (Default) Port-Based Authentication
Specify Client-Based or Return to Port-Based 802.1X Authentication
Example: Configuring Client-Based 802.1X Authentication
Example: Configuring Port-Based 802.1X Authentication
Reconfigure Settings for Port-Access
Configure the 802.1X Authentication Method
Enter the RADIUS Host IP Address(es)
Enable 802.1X Authentication on the Switch
Optionally Resetting Authenticator Operation
802.1X Open VLAN Mode
Introduction
VLAN Membership Priorities
Use Models for 802.1X Open VLAN Modes
Operating Rules for Authorized-Client and Unauthorized-Client VLANs
Setting Up and Configuring 802.1X Open VLAN Mode
802.1X Open VLAN Operating Notes
Option for Authenticator Ports: Configure Port-Security to Allow Only 802.1X-Authenticated Devices
Port-Security
Configuring Switch Ports to Operate as Supplicants for 802.1X Connections to Other Switches
Example
Supplicant Port Configuration
Displaying 802.1X Configuration, Statistics, and Counters
Show Commands for Port-Access Authenticator
Viewing 802.1X Open VLAN Mode Status
Show Commands for Port-Access Supplicant
How RADIUS/802.1X Authentication Affects VLAN Operation
Operating Notes
Messages Related to 802.1X Operation
Table of Contents
Basic Operation
Port Security
Blocking Unauthorized Traffic
Eavesdrop Protection
Trunk Group Exclusion
Planning Port Security
Configuring Port Security
Retention of Static Addresses
Differences between MAC Lockdown and Port Security
MAC Lockdown Operating Notes
Deploying MAC Lockdown
MAC Lockout
Port Security and MAC Lockout
Notice of Security Violations
Reading Intrusion Alerts and Resetting Alert Flags
Web: Displaying and Configuring Port Security Features
How the Intrusion Log Operates
Keeping the Intrusion Log Current by Resetting Alert Flags
Menu: Checking for Intrusions, Listing Intrusion Alerts, and Resetting Alert Flags
CLI: Checking for Intrusions, Listing Intrusion Alerts, and Resetting Alert Flags
Using the Event Log to Find Intrusion Alerts
Table of Contents
Overview
Access Levels
Defining Authorized Management Stations
Overview of IP Mask Operation
Menu: Viewing and Configuring IP Authorized Managers
CLI: Viewing and Configuring Authorized IP Managers
Listing the Switch's Current Authorized IP Manager(s)
Building IP Masks
Configuring One Station Per Authorized Manager IP Entry
Web: Configuring IP Authorized Managers
Configuring Multiple Stations Per Authorized Manager IP Entry
Additional Examples for Authorizing Multiple Stations
Operating Notes
Overview
Configuring Key Chain Management
Creating and Deleting Key Chain Entries
Assigning a Time-Independent Key to a Chain
Assigning Time-Dependent Keys to a Chain
HP ProCurve 5412ZL Specifications
General
Input Voltage: 100-240 VAC
Jumbo Frame Support: Yes
Layer: Layer 3
Port Type: 10/100/1000Base-T, SFP
Management: CLI, Web, SNMP