Security Overview
Network Security Features
Feature: Access Control Lists (ACLs)
Default Setting: none
More Information and Configuration Details: Chapter 10, “IPv4 Access Control Lists (ACLs)”
Security Guidelines:
ACLs can filter traffic to or from a host, a group of hosts, or entire subnets. Layer 3 IP filtering with Access Control Lists (ACLs) enables you to improve network performance and restrict network use by creating policies for:
• Switch Management Access: Permits or denies in-band management access. This includes preventing the use of certain TCP or UDP applications (such as Telnet, SSH, Web browser, and SNMP) for transactions between specific source and destination IP addresses.
• Application Access Security: Eliminating unwanted IP, TCP, or UDP traffic by filtering packets where they enter or leave the switch on specific interfaces.
Note on ACL Security Use: ACLs can enhance network security by blocking selected IP traffic, and can serve as one aspect of maintaining network security. However, because ACLs do not provide user or device authentication, or protection from malicious manipulation of data carried in IP packet transmissions, they should not be relied upon for a complete security solution.

Feature: Port Security, MAC Lockdown, and MAC Lockout
Default Setting: none
More Information and Configuration Details: See also
Security Guidelines:
The features listed below provide device-based access security in the following ways:
• Port security: Enables configuration of each switch port with a unique list of the MAC addresses of devices that are authorized to access the network through that port. This enables individual ports to detect, prevent, and log attempts by unauthorized devices to communicate through the switch. Some switch models also include eavesdrop prevention in the port security feature.
• MAC lockdown: This “static addressing” feature is used as an alternative to port security to prevent station movement and MAC address “hijacking” by allowing a given MAC address to use only one assigned port on the switch. MAC lockdown also restricts the client device to a specific VLAN.
• MAC lockout: This feature enables blocking of a specific MAC address so that the switch drops all traffic to or from the specified address.
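The three device-based features differ in what they bind: port security ties a port to a list of MAC addresses, MAC lockdown ties a MAC address to one port and VLAN, and MAC lockout blocks a MAC address on every port. The Python model below is an added example, not code or configuration from the ProCurve guide; the class name, the order in which the checks run, and all sample addresses, port names and VLAN IDs are assumptions made for illustration.

```python
from dataclasses import dataclass, field

@dataclass
class SwitchModel:
    port_security: dict = field(default_factory=dict)  # port -> authorized source MACs
    lockdown: dict = field(default_factory=dict)        # MAC -> (port, vlan) it must use
    lockout: set = field(default_factory=set)           # MACs dropped on every port
    log: list = field(default_factory=list)             # recorded violations

    def check(self, port, vlan, src, dst):
        """Return 'forward' or the name of the feature that drops the frame."""
        src, dst = src.lower(), dst.lower()
        # MAC lockout: drop all traffic to or from a blocked address.
        if src in self.lockout or dst in self.lockout:
            return self._drop("lockout", port, vlan, src, dst)
        # MAC lockdown: the address may use only its one assigned port and VLAN.
        if src in self.lockdown and self.lockdown[src] != (port, vlan):
            return self._drop("lockdown", port, vlan, src, dst)
        # Port security: only the MACs listed for this port may send through it.
        allowed = self.port_security.get(port)
        if allowed is not None and src not in allowed:
            return self._drop("port-security", port, vlan, src, dst)
        return "forward"

    def _drop(self, feature, port, vlan, src, dst):
        self.log.append((feature, port, vlan, src, dst))
        return feature

# Constructed sample data: MAC addresses, port names and VLAN IDs are made up.
PC, SERVER, ROGUE, BLOCKED = ("00:11:22:33:44:55", "00:aa:bb:cc:dd:01",
                              "00:66:77:88:99:00", "00:de:ad:be:ef:99")
FRAMES = [  # (port, vlan, source MAC, destination MAC)
    ("A1", 1, PC, SERVER),     # authorized device on a secured port
    ("A1", 1, ROGUE, SERVER),  # unlisted device on the secured port
    ("B2", 10, SERVER, PC),    # locked-down MAC on its assigned port and VLAN
    ("B3", 10, SERVER, PC),    # same MAC appearing on another port
    ("B2", 20, SERVER, PC),    # same MAC on the right port, wrong VLAN
    ("C1", 1, PC, BLOCKED),    # traffic addressed to a locked-out MAC
    ("C1", 1, BLOCKED, PC),    # traffic sent by a locked-out MAC
]

def run_sample():
    sw = SwitchModel(port_security={"A1": {PC}},
                     lockdown={SERVER: ("B2", 10)},
                     lockout={BLOCKED})
    return [sw.check(*f) for f in FRAMES], sw.log

if __name__ == "__main__":
    for frame, verdict in zip(FRAMES, run_sample()[0]):
        print(frame, "->", verdict)
```

In this model the locked-down address is rejected as soon as it shows up on a different port or VLAN, while the port-security list only constrains who may send through port A1.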
Page 3: ...HP ProCurve 2910al Switch February 2009 W 14 03 Access Security Guide ...
Page 594: ... Copyright 2009 Hewlett Packard Development Company L P February 2009 Manual Part Number 5992 5439 ...