Summary of the content on page No. 1
Access Security Guide
2510
ProCurve Switches
Q.11.XX (2510-24)
U.11.XX (2510-48)
www.procurve.com
Summary of the content on page No. 2
Summary of the content on page No. 3
ProCurve Series 2510 Switches January 2008 Access Security Guide
Summary of the content on page No. 4
© Copyright 2008 Hewlett-Packard Company, L.P. The information contained herein is subject to change without notice.
Publication Number
or editorial errors or omissions contained herein. The information is provided "as is" without warranty of any kind and is subject to change without notice. The warranties for Hewlett-Packard Company products are set forth in the express limited warranty statements for such products. Nothing herein should be construed as constituting an additional warranty
Summary of the content on page No. 5
Contents
Product Documentation
About Your Switch Manual Set . . . xi
Feature Index . . . xii
1 Getting Started
Contents . . . 1-1
Introduction . . .
Summary of the content on page No. 6
Front-Panel Security . . . 2-7
When Security Is Important . . . 2-7
Front-Panel Button Functions . . . 2-8
Configuring Front-Panel Security . . . 2-10
Password Recovery . . .
Summary of the content on page No. 7
4 TACACS+ Authentication
Contents . . . 4-1
Overview . . . 4-2
Terminology Used in TACACS Applications: . . . 4-3
General System Requirements . . . 4-5
General Authentication Setup Pr
Summary of the content on page No. 8
Configuring the Switch for RADIUS Authentication . . . 5-6
Outline of the Steps for Configuring RADIUS Authentication . . . 5-7
1. Configure Authentication for the Access Methods You Want RADIUS To Protect . . . 5-8
2. Configure the Switch To Access a RADIUS Server . . . 5-10
3. Configure the Switch’s Global RADIUS Parameters . . . 5-12
Local Authentication Process
Summary of the content on page No. 9
4. Enable SSH on the Switch and Anticipate SSH Client Contact Behavior . . . 6-15
5. Configure the Switch for SSH Authentication . . . 6-18
6. Use an SSH Client To Access the Switch . . . 6-22
Further Information on SSH Client Public-Key Authentication . . . 6-23
Messages Related to SSH Operation . . .
Summary of the content on page No. 10
General Setup Procedure for 802.1X Access Control . . . 8-14
Do These Steps Before You Configure 802.1X Operation . . . 8-14
Overview: Configuring 802.1X Authentication on the Switch . . . 8-15
Configuring Switch Ports as 802.1X Authenticators . . . 8-17
1. Enable 802.1X Authentication on Selected Ports . . . 8-17
2. Reconfigure Settings for Port-Access . . .
Summary of the content on page No. 11
9 Configuring and Monitoring Port Security
Contents . . . 9-1
Overview . . . 9-2
Basic Operation . . . 9-2
Blocking Unauthorized Traffic . . . 9-3
Tru
Summary of the content on page No. 12
Building IP Masks . . . 10-9
Configuring One Station Per Authorized Manager IP Entry . . . 10-9
Configuring Multiple Stations Per Authorized Manager IP Entry . . . 10-10
Additional Examples for Authorizing Multiple Stations . . . 10-12
Operating Notes . . . 10-12
x
Summary of the content on page No. 13
Product Documentation
About Your Switch Manual Set
The switch manual set includes the following:
■ Read Me First - a printed guide shipped with your switch. Provides software update information, product notes, and other information.
■ Installation and Getting Started Guide - a printed guide shipped with your switch. This guide explains how to prepare for and perform the physical installation and connection to your network.
■ Management and Configuration Guide - a PDF file on the ProCurve Net
Summary of the content on page No. 14
Product Documentation
Feature Index
For the manual set supporting your switch model, the following feature index indicates which manual to consult for information on a given software feature.

Feature                                         Management and    Advanced Traffic    Access Security
                                                Configuration     Management          Guide
802.1Q VLAN Tagging                             -                 X                   -
802.1p Priority                                 X                 -                   -
802.1X Authentication                           -                 -                   X
Authorized IP Managers                          -                 -                   X
Config File                                     X                 -                   -
Copy Command                                    X                 -                   -
Debug                                           X                 -                   -
DHCP Configuration                              -                 X                   -
DHCP/Bootp Operation                            X                 -                   -
Diagnostic Tool
Summary of the content on page No. 15
Product Documentation

Feature                                         Management and    Advanced Traffic    Access Security
                                                Configuration     Management          Guide
LLDP                                            X                 -                   -
MAC Address Management                          X                 -                   -
Monitoring and Analysis                         X                 -                   -
Multicast Filtering                             -                 X                   -
Network Management Applications (LLDP, SNMP)    X                 -                   -
Passwords                                       -                 -                   X
Ping                                            X                 -                   -
Port Configuration                              X                 -                   -
Port Security                                   -                 -                   X
Port Status                                     X                 -                   -
Port Trunking (LACP)                            X                 -                   -
Port-Based Access Control                       -                 -                   X
Port-Based Priority (802.1Q)                    X                 -                   -
Quality of Service (QoS)                        -                 X                   -
RADIUS Authentication and Accou
Summary of the content on page No. 16
Product Documentation

Feature                                         Management and    Advanced Traffic    Access Security
                                                Configuration     Management          Guide
Telnet Access                                   X                 -                   -
TFTP                                            X                 -                   -
Time Protocols (TimeP, SNTP)                    X                 -                   -
Troubleshooting                                 X                 -                   -
VLANs                                           -                 X                   -
Xmodem                                          X                 -                   -
xiv
Summary of the content on page No. 17
1 Getting Started
Contents
Introduction . . . 1-2
Overview of Access Security Features . . . 1-2
Management Access Security Protection . . . 1-3
General Switch Traffic Security Guidelines . . . 1-4
Conventions . . .
Summary of the content on page No. 18
Getting Started
Introduction
This Access Security Guide describes how to use ProCurve’s switch security features to protect access to your switch. This guide is intended to support the following switches:
■ ProCurve Switch 2510-24
■ ProCurve Switch 2510-48
For an overview of other product documentation for the above switches, refer to “Product Documentation” on page xi. You can download a copy from the ProCurve Networking website, www.procurve.com.
Overview of Access Security Fe
Summary of the content on page No. 19
Getting Started
Overview of Access Security Features
■ Port-Based Access Control (802.1X) (page 8-1): On point-to-point connections, enables the switch to allow or deny traffic between a port and an 802.1X-aware device (supplicant) attempting to access the switch. Also enables the switch to operate as a supplicant for connections to other 802.1X-aware switches.
■ Port Security (page 9-1): Enables a switch port to maintain a unique list of MAC addresses defining which specific devices are al
Summary of the content on page No. 20
Getting Started
Overview of Access Security Features

Table 1-1. Management Access Security Protection

                                          Offers Protection Against Unauthorized Client     Offers Protection Against
                                          Access to Switch Management Features              Unauthorized Client
Security Feature              Connection  Telnet  SNMP (Net Mgmt)  Web Browser  SSH Client  Access to the Network
Local Manager and Operator    PtP:        Yes     No               Yes          Yes         No
Usernames and Passwords (1)   Remote:     Yes     No               Yes          Yes         No
TACACS+                       PtP:        Yes     No               No           Yes         No
                              Remote:     Yes     No               No           Yes         No
RADIUS                        PtP: