EasyManua.ls Logo

HP ProCurve 6120G/XG User Manual

HP ProCurve 6120G/XG
606 pages
To Next Page IconTo Next Page
To Next Page IconTo Next Page
To Previous Page IconTo Previous Page
To Previous Page IconTo Previous Page
Page #256 background imageLoading...
Page #256 background image
Configuring RADIUS Server Support for Switch Services
Configuring and Using RADIUS-Assigned Access Control Lists
3. Configure the ACLs on a RADIUS server accessible to the intended clients.
4. Configure the switch to use the desired RADIUS server and to support the
desired client authentication scheme. Options include 802.1X, Web
authentication, or MAC authentication. (Note that the switch supports the
option of simultaneously using 802.1X with either Web or MAC authenti-
cation.)
5. Test client access on the network to ensure that your RADIUS-assigned
ACL application is properly enforcing your policies.
For further information common to all ACL applications, refer to the following
sections in chapter 9, “IPv4 Access Control Lists (ACLs)”:
“Features Common to All ACLs” on page 9-11
“General Steps for Planning and Configuring ACLs” on page 9-12
The Packet-filtering Process
Packet-Filtering in an applied ACL is sequential, from the first ACE in the ACL
to the implicit “deny any” following the last explicit ACE. This operation is the
same regardless of whether the ACL is applied dynamically from a RADIUS
server or statically in the switch configuration.
Note If a RADIUS-assigned ACL permits an authenticated client’s inbound IP
packet, but the client port is also configured with a static port ACL, then the
packet will also be filtered by these other ACLs. If there is a match with a deny
ACE in any of these ACLs, the switch drops the packet.
Caution ACLs can enhance network security by blocking selected IP traffic, and can
serve as one aspect of maintaining network security. However, because ACLs
do not provide user or device authentication, or protection from malicious
manipulation of data carried in IP packet transmissions, they should not
be relied upon for a complete security solution.
Operating Rules for RADIUS-Assigned ACLs
Relating a Client to a RADIUS-Assigned ACL: A RADIUS-assigned
ACL for a particular client must be configured in the RADIUS server under
the authentication credentials the server should expect for that client. (If
the client must authenticate using 802.1X and/or Web Authentication, the
username/password pair forms the credential set. If authentication is
6-16

Table of Contents

Other manuals for HP ProCurve 6120G/XG

Preview: Configuration Guide
Configuration Guide662 pages
Preview: Installation And Getting Started Guide
Installation And Getting Started Guide62 pages
Preview: Installation Instructions
Installation Instructions4 pages
Question and Answer IconNeed help?

Do you have a question about the HP ProCurve 6120G/XG and is the answer not in the manual?

HP ProCurve 6120G/XG Specifications

General IconGeneral
BrandHP
ModelProCurve 6120G/XG
CategorySwitch
LanguageEnglish

Summary

Security Overview

Access Security Features

Overview of the switch’s access security features, authentication protocols, and methods.

Network Security Features

Configuring Username and Password Security

Configuring Local Password Security

Describes how to configure local passwords for operator and manager access levels.

Front-Panel Security

Details front-panel security features for disabling button functions and managing password recovery.

Password Recovery

Web and MAC Authentication

Configuring Web Authentication

Describes how to configure the switch for Web authentication.

Configuring MAC Authentication on the Switch

Details how to configure MAC authentication on the switch.

TACACS+ Authentication

Configuring TACACS+ on the Switch

Guides the user through the process of configuring TACACS+ on the switch.

RADIUS Authentication, Authorization, and Accounting

General RADIUS Setup Procedure

Provides steps for preparing and testing the RADIUS service.

Configuring the Switch for RADIUS Authentication

Outlines the commands for configuring RADIUS authentication on the switch.

Configuring RADIUS Server Support for Switch Services

RADIUS Server Configuration for Per-Port CoS (802.1p Priority) and Rate-Limiting

Guidelines for configuring RADIUS to dynamically apply CoS and Rate-Limiting.

Configuring and Using RADIUS-Assigned Access Control Lists

Describes how to apply RADIUS-assigned ACLs on the switch.

Configuring Secure Shell (SSH)

Steps for Configuring and Using SSH for Switch and Client Authentication

Provides steps for configuring and using SSH for two-way authentication.

Configuring the Switch for SSH Operation

Details SSH-related CLI commands and their operations.

Configuring Secure Socket Layer (SSL)

Steps for Configuring and Using SSL for Switch and Client Authentication

Provides general steps for configuring and using SSL.

Configuring the Switch for SSL Operation

IPv4 Access Control Lists (ACLs)

ACL Operation

Planning an ACL Application

Configuring Advanced Threat Protection

DHCP Snooping

Protects the network from common DHCP attacks like address spoofing.

Dynamic ARP Protection

Protects the network from ARP cache poisoning attacks.

Dynamic IP Lockdown

Prevents IP source address spoofing on a per-port and per-VLAN basis.

Traffic/Security Filters and Monitors

Source-Port Filters

Named Source-Port Filters

Configuring Traffic/Security Filters

Provides procedures to specify filter types and actions on the switch.

Configuring Port-Based and User-Based Access Control (802.1X)

802.1X User-Based Access Control

802.1X Port-Based Access Control

General 802.1X Authenticator Operation

General Setup Procedure for 802.1X Access Control

Configuring Switch Ports as 802.1X Authenticators

Details how to configure ports to operate as 802.1X authenticators.

802.1X Open VLAN Mode

Configuring and Monitoring Port Security

Port Security

Explains basic operation, intruder protection, and eavesdrop prevention.

MAC Lockdown

MAC Lockout

Reading Intrusion Alerts and Resetting Alert Flags

Related product manuals