HP Q.11.XX User Manual

Provides an overview of the guide's purpose and supported switches.

Covers key security features including passwords, TACACS+, RADIUS, SSH, SSL, 802.1X.

Details the order of precedence for security features affecting traffic flow on ports.

Explains conventions for command syntax, including boldface, italics, and bracket usage.

Explains console access levels (Manager, Operator) and password management.

Details how to set, delete, and recover passwords using the switch's menu interface.

Explains how to set and remove passwords and usernames using Command Line Interface.

Describes disabling front-panel buttons (Clear, Reset) to prevent unauthorized access or configuration changes.

Introduces edge network security using RADIUS for Web and MAC authentication.

Details features like RADIUS usage, VLAN assignment, and client requirements for Web/MAC auth.

Explains the process of client authentication via Web page login or MAC address submission to RADIUS.

Provides steps for configuring Web Authentication, including redirect URLs and SSL integration.

Explains TACACS+ usage for central server-based access control for switches and other devices.

Lists necessary components like a TACACS+ server application and a configured switch for authentication.

Configures TACACS+ access control for Console, Telnet, and SSH, specifying primary/secondary methods.

Details configuring host IP addresses, encryption keys, and timeout values for TACACS+ servers.

Introduces RADIUS for user authentication, authorization, and accounting, supporting multiple servers.

Outlines preparation steps including configuring RADIUS servers and determining access methods.

Explains how to limit user access to CLI commands via RADIUS authorization using HP VSAs.

Details collecting user activity and system event data and sending it to a RADIUS server for analysis.

Explains SSHv2 for secure remote management access via encrypted paths between switch and clients.

Requires installation of an SSH client application with key generation/import capabilities for management access.

Details client preparation and switch preparation for SSH, including key pair generation and enabling SSH.

Provides in-depth details on client public-key authentication, including key storage and transfer.

Introduces SSL/TLS for secure web transactions, providing encrypted and authenticated access to switches.

Requires installation of an SSL-enabled browser for management access to the switch.

Covers client preparation and switch preparation for SSL, including certificate generation and enabling SSL.

Lists common errors during SSL setup and their possible causes for CLI and web interface usage.

Explains 802.1X for simplified security management and access control via RADIUS servers.

Outlines steps for configuring 802.1X, including local credentials, RADIUS servers, and port settings.

Details enabling 802.1X authentication on ports and specifying client-based or port-based methods.

Explains configuring unauthorized-client and authorized-client VLANs for ports configured as 802.1X authenticators.

Introduces port security for creating authorized MAC address lists per port to detect and block unauthorized traffic.

Guides on planning port security by defining ports, authorized devices, and desired security actions.

Details CLI commands for configuring port security, including learn modes, address limits, and actions.

Explains MAC Lockdown as static addressing to prevent station movement and MAC hijacking.

Describes using IP addresses and masks to determine which stations can access the switch via network.

Explains how to authorize single stations or groups of stations using IP addresses and masks.

Details how the IP Mask parameter controls the recognition of authorized manager station IP addresses.