Search
beautypg.com
Directory
Brands
HP manuals
Printers
2800
Manuals
Manuals
HP 2800
Instruction Manuals and User Guides
We have 1 Instruction Manual and User Guide for 2800 HP
HP 2800 User Manual,
300 pages
HP
/
Printers
Recognized languages:
English
Pages:
300
Size:
3.51 MB
Show table of contents
Document Outline
Access Security Guide - HP ProCurve Switch 2600 Series Switch 2600-PWR Series Switch 2800 Series Switch 4100gl Series Switch 6108
Contents
1 Getting Started
Contents
Introduction and Applicable Switches
About the Feature Descriptions
Overview of Access Security Features
General Switch Traffic Security Guideline
Command Syntax Conventions
Simulating Display Output
Command Prompts
Screen Simulations
Port Identity Convention for Examples
Related Publications
Product Notes and General Software Update Information
Physical Installation and Initial Network Access
General Switch Management and Configuration
Release Notes
Getting Documentation From the Web
Sources for More Information
Need Only a Quick Start?
IP Addressing
To Set Up and Install the Switch in Your Network
2 Configuring Username and Password Security
Contents
Overview
Configuring Local Password Security
Menu: Setting Passwords
To Delete Password Protection (Including Recovery from a Lost Password):
To Recover from a Lost Manager Password:
CLI: Setting Passwords and Usernames
Configuring Manager and Operator Passwords
To Remove Password Protection
Web: Setting Passwords and Usernames
To Configure (or Remove) Usernames and Passwords in the Web Browser Interface
Front-Panel Security
When Security Is Important
Front-Panel Button Functions
Clear Button
Reset Button
Restoring the Factory Default Configuration
Configuring Front-Panel Security
Disabling the Clear Password Function of the Clear Button on the Switch’s Front Panel
Re-Enabling the Clear Button on the Switch’s Front Panel and Setting or Changing the “Reset-On-Clear” Operation
Changing the Operation of the Reset+Clear Combination
Password Recovery
Disabling or Re-Enabling the Password Recovery Process
Steps for Disabling Password-Recovery
Password Recovery Process
3 Web and MAC Authentication for the Series 2600/2600PWR and 2800 Switches
Contents
Overview
Applicable Switch Models
Web Authentication (Web-Auth)
MAC Authentication (MAC-Auth)
Client Options
General Features
How Web and MAC Authentication Operate
Authenticator Operation
Web-based Authentication
MAC-based Authentication
Terminology
Operating Rules and Notes
General Setup Procedure for Web/MAC Authentication
Do These Steps Before You Configure Web/MAC Authentication
Additional Information for Configuring the RADIUS Server To Support MAC Authentication
Configuring the Switch To Access a RADIUS Server
Configuring Web Authentication on the Switch
Overview
Configure the Switch for Web-Based Authentication
Configuring MAC Authentication on the Switch
Overview
Configure the Switch for MAC-Based Authentication
Show Status and Configuration of Web- Based Authentication
Show Status and Configuration of MAC- Based Authentication
Client Status
4 TACACS+ Authentication
Contents
Overview
Terminology Used in TACACS Applications:
General System Requirements
General Authentication Setup Procedure
Configuring TACACS+ on the Switch
BeforeYou Begin
CLI Commands Described in this Section
Viewing the Switch’s Current Authentication Configuration
Viewing the Switch’s Current TACACS+ Server Contact Configuration
Configuring the Switch’s Authentication Methods
Configuring the Switch’s TACACS+ Server Access
Adding, Removing, or Changing the Priority of a TACACS+ Server
Configuring an Encryption Key
Configuring the Timeout Period
How Authentication Operates
General Authentication Process Using a TACACS+ Server
Local Authentication Process
Using the Encryption Key
General Operation
Encryption Options in the Switch
Controlling Web Browser Interface Access When Using TACACS+ Authentication
Messages Related to TACACS+ Operation
Operating Notes
5 RADIUS Authentication and Accounting
Contents
Overview
Authentication
Accounting
Terminology
Switch Operating Rules for RADIUS
General RADIUS Setup Procedure
Configuring the Switch for RADIUS Authentication
Outline of the Steps for Configuring RADIUS Authentication
1. Configure Authentication for the Access Methods You Want RADIUS To Protect
2. Configure the Switch To Access a RADIUS Server
3. Configure the Switch’s Global RADIUS Parameters
Local Authentication Process
Controlling Web Browser Interface Access When Using RADIUS Authentication
Configuring RADIUS Accounting
Operating Rules for RADIUS Accounting
Steps for Configuring RADIUS Accounting
1. Configure the Switch To Access a RADIUS Server
2. Configure Accounting Types and the Controls for Sending Reports to the RADIUS Server
3. (Optional) Configure Session Blocking and Interim Updating Options
Viewing RADIUS Statistics
General RADIUS Statistics
RADIUS Authentication Statistics
RADIUS Accounting Statistics
Changing RADIUS-Server Access Order
Messages Related to RADIUS Operation
6 Configuring Secure Shell (SSH)
Contents
Overview
Client Public Key Authentication (Login/Operator Level) with User Password Authentication (Enable/Manager Level)
Switch SSH and User Password Authentication
Terminology
Prerequisite for Using SSH
Public Key Formats
Steps for Configuring and Using SSH for Switch and Client Authentication
General Operating Rules and Notes
Configuring the Switch for SSH Operation
1. Assigning a Local Login (Operator) and Enable (Manager) Password
To Configure Local Passwords
2. Generating the Switch’s Public and Private Key Pair
To Generate or Erase the Switch’s Public/Private RSA Host Key Pair
3. Providing the Switch’s Public Key to Clients
Displaying the Public Key
4. Enabling SSH on the Switch and Anticipating SSH Client Contact Behavior
SSH Client Contact Behavior
To enable SSH on the switch
5. Configuring the Switch for SSH Authentication
Option A: Configuring SSH Access for Password-Only SSH Authentication
Option B: Configuring the Switch for Client Public-Key SSH Authentication
6. Use an SSH Client To Access the Switch
Further Information on SSH Client Public-Key Authentication
To Create a Client-Public-Key Text File
Replacing or Clearing the Public Key File
Enabling Client Public-Key Authentication
Messages Related to SSH Operation
7 Configuring Secure Socket Layer (SSL)
Contents
Overview
Server Certificate authentication with User Password Authentication
Terminology
Prerequisite for Using SSL
Steps for Configuring and Using SSL for Switch and Client Authentication
General Operating Rules and Notes
Configuring the Switch for SSL Operation
1. Assigning a Local Login (Operator) and Enable (Manager)Password
Using the web browser interface To Configure Local Passwords
2. Generating the Switch’s Server Host Certificate
To Generate or Erase the Switch’s Server Certificate with the CLI
CLI commands used to generate a Server Host Certificate
Comments on Certificate Fields.
CLI Command to view host certificates
Generate a Self-Signed Host Certificate with the Web browser interface
Generate a CA-Signed server host certificate with the Web Browser Interface
3. Enabling SSL on the Switch and Anticipating SSL Browser Contact Behavior
SSL Client Contact Behavior
Using the CLI interface to enable SSL
Using the web browser interface to enable SSL
Common Errors in SSL setup
8 Configuring Port-Based Access Control (802.1X)
Contents
Overview
Why Use Port-Based Access Control?
General Features
Authenticating Users
Providing a Path for Downloading 802.1X Supplicant Software
Authenticating One Switch to Another
Accounting
How 802.1X Operates
Authenticator Operation
Switch-Port Supplicant Operation
Terminology
General Operating Rules and Notes
General Setup Procedure for Port-Based Access Control (802.1X)
Do These Steps Before You Configure 802.1X Operation
Overview: Configuring 802.1X Authentication on the Switch
Configuring Switch Ports as 802.1X Authenticators
1. Enable 802.1X Authentication on Selected Ports
3. Configure the 802.1X Authentication Method
4. Enter the RADIUS Host IP Address(es)
5. Enable 802.1X Authentication on the Switch
802.1X Open VLAN Mode
Introduction
Use Models for 802.1X Open VLAN Modes
Operating Rules for Authorized-Client and Unauthorized-Client VLANs
Setting Up and Configuring 802.1X Open VLAN Mode
Preparation
Configuring General 802.1X Operation:
Configuring 802.1X Open VLAN Mode
Inspecting 802.1X Open VLAN Mode Operation
802.1X Open VLAN Operating Notes
Option For Authenticator Ports: Configure Port-Security To Allow Only 802.1X Devices
Configuring Switch Ports To Operate As Supplicants for 802.1X Connections to Other Switches
Enabling a Switch Port To Operate as a Supplicant
Configuring a Supplicant Switch Port
Displaying 802.1X Configuration, Statistics, and Counters
Show Commands for Port-Access Authenticator
Viewing 802.1X Open VLAN Mode Status
Show Commands for Port-Access Supplicant
Note on Supplicant Statistics
How RADIUS/802.1X Authentication Affects VLAN Operation
Static VLAN Requirement
If the Port Used by the Client Is Not Configured as an Untagged Member of the Required Static VLAN
Messages Related to 802.1X Operation
9 Configuring and Monitoring Port Security
Contents
Overview
Basic Operation
Default Port Security Operation
Intruder Protection
General Operation for Port Security
Blocking Unauthorized Traffic
Trunk Group Exclusion
Planning Port Security
Port Security Command Options and Operation
Retention of Static MAC Addresses
Learned MAC Addresses
Assigned/Authorized MAC Addresses
Removing Learned and Assigned Static MAC Addresses
Displaying Current Port Security Settings
Using the CLI To Display Port Security Settings
Configuring Port Security
Specifying Authorized Devices and Intrusion Responses
Learn-Mode Static
Learn-Mode Configured
Adding a MAC Address to an Existing Port List
Removing a Device From the “Authorized” List for a Port Configured for Learn-Mode Static
MAC Lockdown
Differences Between MAC Lockdown and Port Security
MAC Lockdown Operating Notes
Limits
Event Log Messages
Limiting the Frequency of Log Messages
Deploying MAC Lockdown
MAC Lockout
Port Security and MAC Lockout
Web: Displaying and Configuring Port Security Features
Reading Intrusion Alerts and Resetting Alert Flags
Notice of Security Violations
How the Intrusion Log Operates
Keeping the Intrusion Log Current by Resetting Alert Flags
Menu: Checking for Intrusions, Listing Intrusion Alerts, and Resetting Alert Flags
CLI: Checking for Intrusions, Listing Intrusion Alerts, and Resetting Alert Flags
Using the Event Log To Find Intrusion Alerts
From the CLI
From the Menu Interface:
For More Event Log Information
Web: Checking for Intrusions, Listing Intrusion Alerts, and Resetting Alert Flags
Operating Notes for Port Security
Identifying the IP Address of an Intruder
“Prior To” Entries in the Intrusion Log
Alert Flag Status for Entries Forced Off of the Intrusion Log
LACP Not Available on Ports Configured for Port Security
10 Traffic/Security Filters (HP ProCurve Series 2600/2600-PWR and 2800 Switches)
Contents
Overview
Applicable Switch Models
General Operation
Applying a Source Port Filter in a Multinetted VLAN
Using Source-Port Filters
Operating Rules for Source-Port Filters
Configuring a Source-Port Filter
Example of Creating a Source-Port Filter
Configuring a Filter on a Port Trunk
Viewing a Source-Port Filter
Filter Indexing
Editing a Source-Port Filter
11 Using Authorized IP Managers
Contents
Overview
Options
Access Levels
Defining Authorized Management Stations
Overview of IP Mask Operation
Menu: Viewing and Configuring IP Authorized Managers
Editing or Deleting an Authorized Manager Entry
CLI: Viewing and Configuring Authorized IP Managers
Listing the Switch’s Current Authorized IP Manager(s)
Configuring IP Authorized Managers for the Switch
To Authorize Manager Access
To Edit an Existing Manager Access Entry
To Delete an Authorized Manager Entry
Web: Configuring IP Authorized Managers
Building IP Masks
Configuring One Station Per Authorized Manager IP Entry
Configuring Multiple Stations Per Authorized Manager IP Entry
Additional Examples for Authorizing Multiple Stations
Operating Notes
Index
Numerics
A
C
D
E
F
G
I
K
L
M
O
P
Q
R
S
T
U
V
W
H1
Popular
Brands
Apple
Bissell
Brother
Canon
Casio
Cisco
Craftsman
Dell
FRIGIDAIRE
Garmin
GE
Honeywell
HP
John Deere
Kenmore
LG
Maytag
Motorola
NETGEAR
Nikon
Panasonic
Pioneer
Samsung
Sharp
SINGER
Sony
Whirlpool
Yamaha
All brands
Popular
manuals
Canon - AE-1
Fitbit - Flex
Nikon - D5000
Nikon - D40
Nikon - D3100
Nikon - D90
Nikon - D7000
Nikon - D80
Nikon - D3000
HP - Officejet Pro 8600
Canon - EOS 60D
HP - 12C Financial calculator
Full list