Content summary for page No. 1
access security guide
hp procurve
series 4100gl switches
www.hp.com/go/hpprocurve
Content summary for page No. 2
Content summary for page No. 3
HP Procurve Series 4100GL Switches Software Release G.07.XX or Greater Access Security Guide
Content summary for page No. 4
© Copyright 2001-2002 Hewlett-Packard Company. All Rights Reserved. This document contains information which is protected by copyright. Reproduction, adaptation, or translation without prior permission is prohibited, except as allowed under the copyright laws.
Disclaimer: The information contained in this document is subject to change without notice. HEWLETT-PACKARD COMPANY MAKES NO WARRANTY OF ANY KIND WITH REGARD TO THIS MATERIAL, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
Content summary for page No. 5
Contents
Getting Started
Contents ... xi
Introduction ... xii
Overview of Access Security Features ... xii
Command Syntax Conventions ... xiv
Simulating Display Output ...
Content summary for page No. 6
2 TACACS+ Authentication
Contents ... 2-1
Overview ... 2-2
Terminology Used in TACACS Applications: ... 2-4
General System Requirements ... 2-5
General Authentication Setup Procedure ...
Content summary for page No. 7
Outline of the Steps for Configuring RADIUS Authentication ... 3-6
1. Configure Authentication for the Access Methods You Want RADIUS To Protect ... 3-8
2. Configure the Switch To Access a RADIUS Server ... 3-10
3. Configure the Switch’s Global RADIUS Parameters ... 3-12
Local Authentication Process ... 3-14
Cont
Content summary for page No. 8
1. Assigning a Local Login (Operator) and Enable (Manager) Password ... 4-9
2. Generating the Switch’s Public and Private Key Pair ... 4-10
3. Providing the Switch’s Public Key to Clients ... 4-12
4. Enabling SSH on the Switch and Anticipating SSH Client Contact Behavior ... 4-15
5. Configuring the Switch for SSH Authenticat
Content summary for page No. 9
6 Configuring Port-Based Access Control (802.1x)
Contents ... 6-1
Overview ... 6-2
Why Use Port-Based Access Control? ... 6-2
General Features ... 6-2
How 80
Content summary for page No. 10
How RADIUS/802.1x Authentication Affects VLAN Operation ... 6-43
Static VLAN Requirement ... 6-43
Messages Related to 802.1x Operation ... 6-47
7 Configuring and Monitoring Port Security
Contents ... 7-1
Overview ...
Content summary for page No. 11
Defining Authorized Management Stations ... 8-4
Overview of IP Mask Operation ... 8-4
Menu: Viewing and Configuring IP Authorized Managers ... 8-5
CLI: Viewing and Configuring Authorized IP Managers ... 8-6
Listing the Switch’s Current Authorized IP Manager(s) ... 8-6
Configuring IP Authorized Managers for the Switch ... 8-7
Web: Co
Content summary for page No. 12
Content summary for page No. 13
Getting Started
Contents
Introduction ... xii
Overview of Access Security Features ... xii
Command Syntax Conventions ... xiv
Simulating Display Output ... xiv
Command Prompts ...
Content summary for page No. 14
Getting Started
Introduction
This Access Security Guide is intended for use with the following switches:
■ HP Procurve Switch 4104GL
■ HP Procurve Switch 4108GL
Together, these two devices are termed the HP Procurve Series 4100GL Switches.
Overview of Access Security Features
■ Local Manager and Operator passwords (page 1-1): Control access and privileges for the CLI, menu, and web browser interface.
■ TACACS+ Authentication (page 2-1): Uses an authentication application
Content summary for page No. 15
Overview of Access Security Features
Allows access to the switch by a networked device having an IP address previously configured in the switch as "authorized".
HP recommends that you use local passwords together with the switch’s other security features to provide a more comprehensive security fabric than if you use only the local password option. Table 1 lists these features with the security coverage they provide.
Table 1. Management Access Security Protection
Securit
Content summary for page No. 16
Command Syntax Conventions
This guide uses the following conventions for command syntax and displays.
Syntax: aaa port-access authenticator < port-list > [ control < authorized | auto | unauthorized >]
■ Vertical bars ( | ) separate alternative, mutually exclusive elements.
■ Square brackets ( [ ] ) indicate optional elements.
■ Braces ( < > ) enclose required elements.
■ Braces within square brackets ( [ < > ] ) indicate a required element wi
Content summary for page No. 17
Screen Simulations
Figures containing simulated screen text and command output look like this:
Figure 1. Example of a Figure Showing a Simulated Screen
In some cases, brief command-output sequences appear without figure identification. For example:
HPswitch(config)# clear public-key
HPswitch(config)# show ip client-public-key
show_client_public_key: cannot stat keyfile
Related Publications
Product Notes and Software Update Information. The Read Me
Content summary for page No. 18
Related Publications
HP provides a PDF version of this guide on the Product Documentation CD-ROM shipped with the switch. You can also download the latest copy from the HP Procurve website. (See “Getting Documentation From the Web” on page xvii.)
Command Line Interface Reference Guide. This guide, available in a PDF file on the HP Procurve website, provides a summary of the CLI commands generally available for HP Procurve switches. For the latest version, see “Getting D
Content summary for page No. 19
Getting Documentation From the Web
1. Go to the HP Procurve website at http://www.hp.com/go/hpprocurve
2. Click on technical support.
3. Click on manuals.
4. Click on the product for which you want to view or download a manual.
Content summary for page No. 20
Sources for More Information
■ If you need information on specific parameters in the menu interface, refer to the online help provided in the interface.
■ If you need information on a specific command in the CLI, type the command name followed by “help”. For example:
■ If you need information on specific features in the HP Web Browser Interface (hereafter referred to as the “web browser interface”), use the online he