Getting Started
Overview of Access Security Features
■ Access Control Lists (page 9-1): Permits or denies in-band
management access. This includes preventing the use of certain TCP or UDP
applications (such as Telnet, SSH, Web browser, and SNMP) for
transactions between specific source and destination IP addresses.
Eliminates unwanted IP, TCP, or UDP traffic by filtering packets
where they enter or leave the switch on specific interfaces.
■ Traffic/Security Filters (page 10-1): Source-Port filtering enhances
in-band security by enabling outbound destination ports on the switch
to forward or drop traffic from designated source ports (within the
same VLAN).
■ Port-Based and User-Based Access Control (802.1X)
(page 11-1): On point-to-point connections, enables the switch to
allow or deny traffic between a port and an 802.1X-aware device
(supplicant) attempting to access the switch. Also enables the switch
to operate as a supplicant for connections to other 802.1X-aware
switches.
■ Port Security (page 12-1): Enables a switch port to maintain a unique
list of MAC addresses defining which specific devices are allowed to
access the network through that port. Also enables a port to detect,
prevent, and log access attempts by unauthorized devices.
■ Authorized IP Managers (page 13-1): Allows access to the switch
by a networked device having an IP address previously configured in
the switch as “authorized”.
Management Access Security Protection
In considering management access security for your switch, there are two key
areas to protect:
■ Unauthorized client access to switch management features
■ Unauthorized client access to the network
Table 1-1 on page 1-4 provides an overview of the type of protection offered
by each switch security feature.
Note: ProCurve recommends that you use local passwords together with your
switch’s other security features to provide a more comprehensive security
fabric than if you use only local passwords.