HP ProCurve Switch 2900yl-24G Ethernet Manuals
Manuals and User Guides for HP ProCurve Switch 2900yl-24G Ethernet. We have 1 HP ProCurve Switch 2900yl-24G Ethernet manual available for free PDF download: Access Security Manual
HP ProCurve Switch 2900yl-24G Access Security Manual (374 pages)
Brand: HP | Category: Switch | Size: 2.39 MB
Table of Contents
Product Documentation
About Your Switch Manual Set
Feature Index
Getting Started
Contents
Introduction
Conventions
Feature Descriptions by Model
Command Syntax Statements
Command Prompts
Screen Simulations
Port Identity Examples
Configuration and Operation Examples
Keys
Sources for More Information
Getting Documentation from the Web
Online Help
Need Only a Quick Start
IP Addressing
To Set up and Install the Switch in Your Network
Physical Installation
Overview of Access Security Features
General Switch Traffic Security Guideline
Configuring Username and Password Security
Contents
Overview
Configuring Local Password Security
Menu: Setting Passwords
CLI: Setting Passwords and Usernames
Web: Setting Passwords and Usernames
Front-Panel Security
When Security Is Important
Front-Panel Button Functions
Clear Button
Reset Button
Restoring the Factory Default Configuration
Configuring Front-Panel Security
Disabling the Clear Password Function of the Clear Button on the Switch's Front Panel
Re-Enabling the Clear Button on the Switch's Front Panel and Setting or Changing the "Reset-On-Clear" Operation
Changing the Operation of the Reset+Clear Combination
Password Recovery
Disabling or Re-Enabling the Password Recovery Process
Password Recovery Process
Web and MAC Authentication
Contents
Overview
Client Options
General Features
How Web and MAC Authentication Operate
Authenticator Operation
Web-Based Authentication
MAC-Based Authentication
Terminology
Operating Rules and Notes
General Setup Procedure for Web/MAC Authentication
Do These Steps before You Configure Web/MAC Authentication
Additional Information for Configuring the RADIUS Server to Support MAC Authentication
Configuring the Switch to Access a RADIUS Server
Configuring Web Authentication
Configuration Overview
Configuration Commands for Web-Based Authentication
Show Commands for Web-Based Authentication
Example: Verifying a Web Authentication Configuration
Configuring MAC Authentication
Configuration Overview
Configuration Commands for MAC-Based Authentication
Show Commands for MAC-Based Authentication
Example: Verifying a MAC Authentication Configuration
Client Status
TACACS+ Authentication
Contents
Overview
Terminology Used in TACACS Applications
General System Requirements
General Authentication Setup Procedure
Configuring TACACS+ on the Switch
Before You Begin
CLI Commands Described in this Section
Viewing the Switch's Current Authentication Configuration
Viewing the Switch's Current TACACS+ Server Contact Configuration
Configuring the Switch's Authentication Methods
Configuring the Switch's TACACS+ Server Access
How Authentication Operates
General Authentication Process Using a TACACS+ Server
Local Authentication Process
Using the Encryption Key
General Operation
Encryption Options in the Switch
Controlling Web Browser Interface Access When Using TACACS+ Authentication
Messages Related to TACACS+ Operation
Operating Notes
RADIUS Authentication and Accounting
Contents
Overview
Authentication Services
Accounting Services
RADIUS-Administered CoS and Rate-Limiting
Terminology
Switch Operating Rules for RADIUS
General RADIUS Setup Procedure
Configuring the Switch for RADIUS Authentication
Outline of the Steps for Configuring RADIUS Authentication
Configure Authentication for the Access Methods You Want RADIUS to Protect
Enable the (Optional) Access Privilege Option
Configure the Switch to Access a RADIUS Server
Configure the Switch's Global RADIUS Parameters
Local Authentication Process
Controlling Web Browser Interface Access
Configuring RADIUS Authorization
Overview
Commands Authorization Type
Enabling Authorization with the CLI
Showing Authorization Information
Configuring the RADIUS Server
Using Vendor Specific Attributes (VSAs)
Example Configuration on Cisco Secure ACS for MS Windows
Example Configuration Using FreeRADIUS
Configuring RADIUS Accounting
Operating Rules for RADIUS Accounting
Steps for Configuring RADIUS Accounting
Configure the Switch to Access a RADIUS Server
Configure Accounting Types and the Controls for Sending Reports to the RADIUS Server
(Optional) Configure Session Blocking and Interim Updating Options
Viewing RADIUS Statistics
General RADIUS Statistics
RADIUS Authentication Statistics
RADIUS Accounting Statistics
Changing RADIUS-Server Access Order
Messages Related to RADIUS Operation
Configuring Secure Shell (SSH)
Overview
Terminology
Prerequisite for Using SSH
Public Key Formats
Steps for Configuring and Using SSH for Switch and Client Authentication
General Operating Rules and Notes
Configuring the Switch for SSH Operation
Assigning a Local Login (Operator) and Enable (Manager) Password
Generating the Switch's Public and Private Key Pair
Providing the Switch's Public Key to Clients
Enabling SSH on the Switch and Anticipating SSH Client Contact Behavior
Configuring the Switch for SSH Authentication
Use an SSH Client to Access the Switch
Further Information on SSH Client Public-Key Authentication
Messages Related to SSH Operation
Configuring Secure Socket Layer (SSL)
Overview
Terminology
Prerequisite for Using SSL
Steps for Configuring and Using SSL for Switch and Client Authentication
General Operating Rules and Notes
Configuring the Switch for SSL Operation
Assigning a Local Login (Operator) and Enable (Manager) Password
Generating the Switch's Server Host Certificate
To Generate or Erase the Switch's Server Certificate
With the CLI
Comments on Certificate Fields
Generate a Self-Signed Host Certificate with the Web Browser Interface
Generate a CA-Signed Server Host Certificate with the Web Browser Interface
Enabling SSL on the Switch and Anticipating SSL Browser Contact Behavior
Using the CLI Interface to Enable SSL
Using the Web Browser Interface to Enable SSL
Common Errors in SSL Setup
Traffic/Security Filters
Overview
Introduction
Filter Limits
Using Port Trunks with Filters
Filter Types and Operation
Source-Port Filters
Operating Rules for Source-Port Filters
Example
Named Source-Port Filters
Operating Rules for Named Source-Port Filters
Defining and Configuring Named Source-Port Filters
Viewing a Named Source-Port Filter
Using Named Source-Port Filters
Static Multicast Filters
Protocol Filters
Configuring Traffic/Security Filters
Configuring a Source-Port Traffic Filter
Example of Creating a Source-Port Filter
Configuring a Filter on a Port Trunk
Editing a Source-Port Filter
Configuring a Multicast or Protocol Traffic Filter
Filter Indexing
Displaying Traffic/Security Filters
Configuring Port-Based and Client-Based Access Control (802.1X)
Contents
Overview
Why Use Port-Based or Client-Based Access Control
General Features
User Authentication Methods
802.1X Client-Based Access Control
802.1X Port-Based Access Control
Alternative to Using a RADIUS Server
Accounting
Terminology
General 802.1X Authenticator Operation
Example of the Authentication Process
VLAN Membership Priority
General Operating Rules and Notes
General Setup Procedure for 802.1X Access Control
Do These Steps before You Configure 802.1X Operation
Overview: Configuring 802.1X Authentication on the Switch
Configuring Switch Ports as 802.1X Authenticators
Enable 802.1X Authentication on Selected Ports
Enable the Selected Ports as Authenticators and Enable the (Default) Port-Based Authentication
Specify Client-Based or Return to Port-Based 802.1X Authentication
Example: Configuring Client-Based 802.1X Authentication
Example: Configuring Port-Based 802.1X Authentication
Reconfigure Settings for Port-Access
Configure the 802.1X Authentication Method
Enter the RADIUS Host IP Address(es)
Enable 802.1X Authentication on the Switch
Optionally Resetting Authenticator Operation
Optional: Configure 802.1X Controlled Directions
Wake-On-LAN Traffic
Operating Notes
Example: Configuring 802.1X Controlled Directions
802.1X Open VLAN Mode
Introduction
VLAN Membership Priorities
Use Models for 802.1X Open VLAN Modes
Operating Rules for Authorized-Client and Unauthorized-Client VLANs
Setting up and Configuring 802.1X Open VLAN Mode
802.1X Open VLAN Operating Notes
Option for Authenticator Ports: Configure Port-Security to Allow Only 802.1X-Authenticated Devices
Port-Security
Configuring Switch Ports to Operate as Supplicants for 802.1X Connections to Other Switches
Example
Supplicant Port Configuration
Displaying 802.1X Configuration, Statistics, and Counters
Show Commands for Port-Access Authenticator
Viewing 802.1X Open VLAN Mode Status
Show Commands for Port-Access Supplicant
How RADIUS/802.1X Authentication Affects VLAN Operation
Operating Notes
Messages Related to 802.1X Operation
Configuring and Monitoring Port Security
Contents
Overview
Port Security
Basic Operation
Eavesdrop Protection
Blocking Unauthorized Traffic
Trunk Group Exclusion
Planning Port Security
Port Security Command Options and Operation
Port Security Display Options
Configuring Port Security
Retention of Static Addresses
MAC Lockdown
Differences between MAC Lockdown and Port Security
MAC Lockdown Operating Notes
Deploying MAC Lockdown
MAC Lockout
Port Security and MAC Lockout
Web: Displaying and Configuring Port Security Features
Reading Intrusion Alerts and Resetting Alert Flags
Notice of Security Violations
How the Intrusion Log Operates
Keeping the Intrusion Log Current by Resetting Alert Flags
Menu: Checking for Intrusions, Listing Intrusion Alerts, and Resetting Alert Flags
CLI: Checking for Intrusions, Listing Intrusion Alerts, and Resetting Alert Flags
Using the Event Log to Find Intrusion Alerts
Web: Checking for Intrusions, Listing Intrusion Alerts, and Resetting Alert Flags
Operating Notes for Port Security
Using Authorized IP Managers
Overview
Options
Access Levels
Defining Authorized Management Stations
Overview of IP Mask Operation
Menu: Viewing and Configuring IP Authorized Managers
CLI: Viewing and Configuring Authorized IP Managers
Listing the Switch's Current Authorized IP Manager(s)
Configuring IP Authorized Managers for the Switch
Web: Configuring IP Authorized Managers
Building IP Masks
Configuring One Station Per Authorized Manager IP Entry
Configuring Multiple Stations Per Authorized Manager IP Entry
Additional Examples for Authorizing Multiple Stations
Operating Notes
Key Management System
Overview
Terminology
Configuring Key Chain Management
Creating and Deleting Key Chain Entries
Assigning a Time-Independent Key to a Chain
Assigning Time-Dependent Keys to a Chain
Index