HP ProCurve Switch 2650 User Manual

Explains the security features for console access, including Manager and Operator levels, and password pair configuration.

Details how to set, delete, and recover local passwords for switch management via Menu, CLI, or Web interface.

Provides CLI commands for configuring manager and operator passwords and optional usernames for secure access.

Guides users on configuring usernames and passwords for switch access via the web browser interface.

Introduces TACACS+ authentication for centralizing access control and managing user privileges across multiple switches.

Outlines the necessary components for using TACACS+ authentication, including server applications and switch configuration.

Provides a general procedure for setting up and testing TACACS+ authentication to prevent accidental lockouts.

Details the CLI commands and steps required to configure TACACS+ operation on the switch.

Explains how to configure AAA authentication methods for console and Telnet access using local, TACACS+, or RADIUS.

Guides on configuring TACACS+ server parameters, including host IP addresses, encryption keys, and timeout values.

Describes the general process of TACACS+ authentication, including server interactions and local fallback.

Provides methods to prevent unauthorized web browser access when TACACS+ authentication is enabled.

Lists and explains common CLI messages generated during TACACS+ operation for troubleshooting.

Introduces RADIUS for user authentication and network resource accounting, supporting up to three servers.

Defines key terms used in RADIUS authentication and accounting, such as CHAP, EAP, NAS, and Shared Secret Key.

Outlines the preparation steps needed before configuring RADIUS authentication on the switch.

Details the steps to configure RADIUS authentication for various access methods like Serial, Telnet, SSH, and Port-Access.

Explains how to configure RADIUS accounting for collecting and sending user activity and system event data to a RADIUS server.

Describes how to view general RADIUS configuration and server-specific statistics for monitoring.

Provides instructions on how to modify the order in which the switch accesses configured RADIUS servers.

Lists and explains common messages encountered during RADIUS operation for troubleshooting purposes.

Introduces SSH for secure remote access via encrypted paths, supporting client public-key and user password authentication.

Defines key terms related to SSH, including SSH Server, Key Pair, PEM, Private Key, Public Key, and Enable Level.

Specifies the requirement of installing a publicly or commercially available SSH client application on management computers.

Details the need for client public keys to be in non-encoded ASCII format for switch compatibility.

Provides a comprehensive guide for setting up and using SSH for bidirectional authentication between switch and client.

Guides users through assigning local passwords, generating key pairs, enabling SSH, and configuring authentication methods.

Offers additional details on client public-key authentication, including steps for creating and copying public keys.

Lists and explains common messages related to SSH operation, aiding in troubleshooting.

Explains the purpose and general features of 802.1x for port-based access control, including authenticator and supplicant roles.

Details the operation of 802.1x for authenticator and supplicant roles, covering RADIUS and local authentication processes.

Outlines the steps required before configuring 802.1x, including local passwords, port determination, and RADIUS server setup.

Guides on configuring switch ports to act as 802.1x authenticators, including disabling LACP and enabling authentication.

Explains how to configure switch ports to act as 802.1x supplicants for secure links between switches.

Details commands for displaying 802.1x status, including port authenticator and supplicant configurations and statistics.

Explains how 802.1x authentication impacts VLAN assignments and temporary port VLAN membership changes.

Lists and explains common operating messages for 802.1x, aiding in troubleshooting issues.

Introduces Port Security for configuring MAC address lists to authorize network access per port.

Explains the default port security operation and how intruders are detected and blocked from network transmission.

Guides users on planning port security configurations, including port selection, authorized devices, and violation notifications.

Details CLI commands for port security, including learn modes, address limits, MAC addresses, and action parameters.

Guides on using the web browser interface to display and configure port security settings and authorized addresses.

Explains how the switch notifies of security violations, sets alert flags, and how to reset them via CLI, Menu, or Web.

Provides essential notes on port security, including identifying intruders, proxy servers, and LACP compatibility.

Introduces the Authorized IP Managers feature for enhancing switch security using IP addresses and masks.

Details the configurable options for Authorized IP Managers, including manager addresses and access privileges.

Explains how to authorize single stations or groups of stations using IP addresses and IP masks for management access.

Explains how IP masks are used to define ranges of authorized IP addresses for management access to the switch.

Guides on viewing and configuring IP Authorized Managers using the switch's console menu interface.

Provides CLI commands for viewing and configuring authorized IP managers, including listing current entries.

Guides on configuring IP Authorized Managers through the switch's web browser interface for managing access.

Details how to construct IP masks for defining ranges of authorized IP addresses for management stations.

Provides security precautions, notes on modem access, duplicate IPs, and web proxy server configurations for IP Managers.