Security Overview
Precedence of Security Options
DCA allows client-specific parameters configured in any of the following ways
to be applied and removed as needed in a specified hierarchy of precedence.
When multiple values for an individual configuration parameter exist, the
value applied to a client session is determined in the following order (from
highest to lowest priority) in which a value configured with a higher priority
overrides a value configured with a lower priority:
1. Attribute profiles applied through the Network Immunity network-man
agement application using SNMP (see “Network Immunity Manager”)
2. 802.1X authentication parameters (RADIUS-assigned)
3. Web- or MAC-authentication parameters (RADIUS-assigned)
4. Local, statically-configured parameters
Although RADIUS-assigned settings are never applied to ports for non-
authenticated clients, the Dynamic Configuration Arbiter allows you to
configure and assign client-specific port configurations to non-authenticated
clients, provided that a client’s MAC address is known in the switch in the
forwarding database. DCA arbitrates the assignment of attributes on both
authenticated and non-authenticated ports.
DCA does not support the arbitration and assignment of client-specific
attributes on trunk ports.
Network Immunity Manager
Network Immunity Manager (NIM) is a plug-in to ProCurve Manager (PCM)
and a key component of the ProCurve Network Immunity security solution
that provides comprehensive detection and per-port-response to malicious
traffic at the ProCurve network edge. NIM allows you to apply policy-based
actions to minimize the negative impact of a client’s behavior on the network.
For example, using NIM you can apply a client-specific profile that adds or
modifies per-port rate-limiting and VLAN ID assignments.
N o t e
NIM actions only support the configuration of per-port rate-limiting and VLAN
ID assignment; NIM does not support CoS (802.1p) priority assignment and
ACL configuration.
NIM-applied parameters temporarily override RADIUS-configured and locally
configured parameters in an authentication session. When the NIM-applied
action is removed, the previously applied client-specific parameter (locally
configured or RADIUS-assigned) is re-applied unless there have been other
configuration changes to the parameter. In this way, NIM allows you to
minimize network problems without manual intervention.
1-19
Summary of Contents for PROCURVE 2910AL
Page 1: ...Access Security Guide ProCurve Switches W 14 03 2910al www procurve com ...
Page 2: ......
Page 3: ...HP ProCurve 2910al Switch February 2009 W 14 03 Access Security Guide ...
Page 84: ...Configuring Username and Password Security Front Panel Security 2 36 ...
Page 156: ...TACACS Authentication Operating Notes 4 30 ...
Page 288: ...Configuring Secure Socket Layer SSL Common Errors in SSL setup 8 22 ...
Page 416: ...Configuring Advanced Threat Protection Using the Instrumentation Monitor 10 28 ...
Page 572: ...Using Authorized IP Managers Operating Notes 14 14 ...
Page 592: ...12 Index ...
Page 593: ......