
ProCurve 2900 - Network Immunity Manager

Security Overview
Dynamic Configuration Arbiter
Network Immunity Manager
Network Immunity Manager (NIM) is a plug-in to ProCurve Manager (PCM)
and a key component of the ProCurve Network Immunity security solution
that provides comprehensive detection and per-port response to malicious
traffic at the ProCurve network edge.
NIM allows you to apply policy-based actions to minimize the negative impact
of a client’s behavior on the network. For example, using NIM you can apply
a client-specific profile that adds or modifies per-port VLAN ID assignments.
Note: NIM actions support only the configuration of per-port VLAN ID assignment;
NIM does not support CoS (802.1p) priority assignment or ACL configuration.
NIM-applied parameters temporarily override RADIUS-configured and locally
configured parameters in an authentication session. When the NIM-applied
action is removed, the previously applied client-specific parameter (locally
configured or RADIUS-assigned) is re-applied unless there have been other
configuration changes to the parameter. In this way, NIM allows you to
minimize network problems without manual intervention.
NIM also allows you to configure and apply client-specific profiles on ports
that are not configured to authenticate clients (unauthorized clients),
provided that a client’s MAC address is known in the switch’s forwarding
database.
The profile of attributes applied for each client (MAC address) session is
stored in the hpicfUsrProfile MIB, which serves as the configuration interface
for Network Immunity Manager. A client profile consists of NIM-configured,
RADIUS-assigned, and statically configured parameters. Using show
commands for 802.1X, web or MAC authentication, you can verify which
RADIUS-assigned and statically configured parameters are supported and if
they are supported on a per-port or per-client basis.
A NIM policy accesses the hpicfUsrProfile MIB through SNMP to perform the
following actions:
• Bind (or unbind) a profile of configured attributes to the MAC address of
  a client device on an authenticated or unauthenticated port.
• Configure or unconfigure an untagged VLAN for use in an authenticated
  or unauthenticated client session.