1-8
Security Overview
Network Security Features
Access Control
Lists (ACLs)
none
ACLs can filter traffic to or from a host, a group of hosts,
or entire subnets. Layer 3 IP filtering with Access Control
Lists (ACLs) enables you to improve network
performance and restrict network use by creating
policies for:
•
Switch Management Access
: Permits or denies in-
band management access. This includes preventing
the use of certain TCP or UDP applications (such as
Telnet, SSH, WebAgent, and SNMP) for transactions
between specific source and destination IP
addresses.)
•
Application Access Security
: Eliminating unwanted
IP, TCP, or UDP traffic by filtering packets where they
enter or leave the switch on specific interfaces.
Note on ACL Security Use:
ACLs can enhance network security by blocking
selected IP traffic, and can serve as one aspect of
maintaining network security. However, because ACLs
do not provide user or device authentication, or
protection from malicious manipulation of data carried
in IP packet transmissions, they should not be relied
upon for a complete security solution.
Chapter 10, “IPv4 Access
Control Lists (ACLs)”
Port Security,
MAC Lockdown,
and MAC
Lockout
none
The features listed below provide device-based access
security in the following ways:
•
Port security:
Enables configuration of each switch
port with a unique list of the MAC addresses of
devices that are authorized to access the network
through that port. This enables individual ports to
detect, prevent, and log attempts by unauthorized
devices to communicate through the switch. Some
switch models also include eavesdrop prevention in
the port security feature.
•
MAC lockdown:
This “static addressing” feature is
used as an alternative to port security to prevent
station movement and MAC address “hijacking” by
allowing a given MAC address to use only one
assigned port on the switch. MAC lockdown also
restricts the client device to a specific VLAN.
•
MAC lockout:
This feature enables blocking of a
specific MAC address so that the switch drops all
traffic to or from the specified address.
Chapter 14, “Configuring and
Monitoring Port Security”
See also
Port-Based Security
Options” on page 1-16
Feature
Default
Setting
Security Guidelines
More Information and
Configuration Details
Summary of Contents for E3800 Series
Page 2: ......
Page 3: ...HP Networking E3800 Switches Access Security Guide September 2011 KA 15 03 ...
Page 30: ...xxviii ...
Page 86: ...2 36 Configuring Username and Password Security Password Recovery ...
Page 186: ...4 72 Web and MAC Authentication Client Status ...
Page 364: ...8 32 Configuring Secure Shell SSH Messages Related to SSH Operation ...
Page 510: ...10 130 IPv4 Access Control Lists ACLs General ACL Operating Notes ...
Page 548: ...11 38 Configuring Advanced Threat Protection Using the Instrumentation Monitor ...
Page 572: ...12 24 Traffic Security Filters and Monitors Configuring Traffic Security Filters ...
Page 730: ...20 Index ...
Page 731: ......