HP E3800-48G-4XGT-PoE+ tl Manuals
Manuals and User Guides for HP E3800-48G-4XGT-PoE+ tl. We have 1 HP E3800-48G-4XGT-PoE+ tl manual available for free PDF download: Access Security Manual
HP E3800-48G-4XGT-PoE+ tl Access Security Manual (732 pages)
Switch Software
Brand: HP | Category: Switch | Size: 5.32 MB
Table of Contents
Table of Contents
5
About Your Switch Manual Set
23
Product Documentation
23
Electronic Publications
23
Software Feature Index
24
Security Overview
31
Introduction
31
About this Guide
31
For more Information
31
Access Security Features
33
Network Security Features
37
Getting Started with Access Security
40
Physical Security
40
Quick Start: Using the Management Interface Wizard
41
CLI: Management Interface Wizard
42
WebAgent: Management Interface Wizard
43
SNMP Security Guidelines
44
Precedence of Security Options
46
Precedence of Port-Based Security Options
46
Precedence of Client-Based Authentication
46
Dynamic Configuration Arbiter
46
Network Immunity Manager
47
Arbitrating Client-Specific Attributes
48
HP Identity-Driven Manager (IDM)
50
Configuring Username and Password Security
51
Overview
51
Configuring Local Password Security
54
Menu: Setting Passwords
54
CLI: Setting Passwords and Usernames
56
WebAgent: Setting Passwords and Usernames
59
Saving Security Credentials in a Config File
60
Benefits of Saving Security Credentials
60
Enabling the Storage and Display of Security Credentials
61
Security Settings that Can be Saved
62
Local Manager and Operator Passwords
62
Password Command Options
63
SNMP Security Credentials
64
802.1X Port-Access Credentials
65
TACACS+ Encryption Key Authentication
65
RADIUS Shared-Secret Key Authentication
66
SSH Client Public-Key Authentication
66
Operating Notes
69
Restrictions
71
Front-Panel Security
73
When Security Is Important
73
Front-Panel Button Functions
74
Clear Button
74
Reset Button
75
Restoring the Factory Default Configuration
75
Configuring Front-Panel Security
76
Disabling the Clear Password Function of the Clear Button
79
Re-Enabling the Clear Button and Setting or Changing the "Reset-On-Clear" Operation
80
Changing the Operation of the Reset+Clear Combination
81
Password Recovery
82
Disabling or Re-Enabling the Password Recovery Process
82
Password Recovery Process
84
Virus Throttling (Connection-Rate Filtering)
87
Overview of Connection-Rate Filtering
87
Features and Benefits
88
General Operation
89
Filtering Options
89
Sensitivity to Connection Rate Detection
90
Application Options
90
Operating Rules
92
Unblocking a Currently Blocked Host
92
General Configuration Guidelines
93
For a Network that Is Relatively Attack-Free
93
For a Network that Appears to be under Significant Attack
94
Configuring Connection-Rate Filtering
95
Global and Per-Port Configuration
95
Enabling Connection-Rate Filtering and Configuring
96
Sensitivity
96
Configuring the Per-Port Filtering Mode
97
Example of a Basic Connection-Rate Filtering Configuration
98
Viewing and Managing Connection-Rate Status
100
Viewing Connection-Rate Configuration
100
Listing Currently-Blocked Hosts
101
Unblocking Currently-Blocked Hosts
101
Configuring and Applying Connection-Rate ACLs
103
Connection-Rate ACL Operation
104
Configuring a Connection-Rate ACL Using Source IP Address Criteria
105
Configuring a Connection-Rate ACL Using UDP/TCP Criteria
107
Applying Connection-Rate ACLs
110
Using CIDR Notation to Enter the ACE Mask
110
Example of Using an ACL in a Connection-Rate Configuration
111
Connection-Rate ACL Operating Notes
113
Web and MAC Authentication
115
Overview
115
Web Authentication
116
MAC Authentication
116
Concurrent Web and MAC Authentication
117
Authorized and Unauthorized Client VLANs
117
RADIUS-Based Authentication
118
Wireless Clients
118
How Web and MAC Authentication Operate
119
Web-Based Authentication
119
MAC-Based Authentication
121
Terminology
123
Operating Rules and Notes
124
Setup Procedure for Web/MAC Authentication
126
Before You Configure Web/MAC Authentication
126
Configuring the RADIUS Server to Support MAC Authentication
129
Configuring the Switch to Access a RADIUS Server
129
Configuring Web Authentication
132
Overview
132
Configuration Commands for Web Authentication
133
Show Commands for Web Authentication
140
Customizing Web Authentication HTML Files (Optional)
146
Implementing Customized Web-Auth Pages
146
Operating Notes and Guidelines
146
Customizing HTML Templates
147
Customizable HTML Templates
148
Configuring MAC Authentication on the Switch
162
Overview
162
Configuration Commands for MAC Authentication
163
Configuring the Global MAC Authentication Password
163
Configuring a MAC-Based Address Format
165
Configuring Custom Messages
168
Web Page Display of Access Denied Message
170
HTTP Redirect When MAC Address Not Found
173
How HTTP Redirect Works
174
Diagram of the Registration Process
176
Using the Restrictive-Filter Option
177
Show Command Output
177
Reauthenticating a MAC-Auth Client
177
Configuring the Registration Server URL
178
Unconfiguring a MAC-Auth Registration Server
178
Operating Notes for HTTP Redirect
178
Show Commands for MAC-Based Authentication
179
Client Status
185
TACACS+ Authentication
187
Overview
187
Terminology Used in TACACS Applications
188
General System Requirements
190
General Authentication Setup Procedure
190
Configuring TACACS+ on the Switch
193
Before You Begin
193
CLI Commands Described in this Section
194
Viewing the Switch's Current Authentication Configuration
194
Viewing the Switch's Current TACACS+ Server Contact Configuration
195
Configuring the Switch's Authentication Methods
196
Using the Privilege-Mode Option for Login
196
Authentication Parameters
198
Configuring the TACACS+ Server for Single Login
199
Configuring the Switch's TACACS+ Server Access
203
How Authentication Operates
210
General Authentication Process Using a TACACS+ Server
210
Local Authentication Process
211
Using the Encryption Key
212
General Operation
212
Encryption Options in the Switch
213
Using TACACS+ Authentication
214
Messages Related to TACACS+ Operation
215
Operating Notes
216
Overview
217
Accounting Services
218
Terminology
219
Terminology
220
Switch Operating Rules for RADIUS
220
General RADIUS Setup Procedure
221
Configuring the Switch for RADIUS Authentication
222
Outline of the Steps for Configuring RADIUS Authentication
224
You Want RADIUS to Protect
225
Enable the (Optional) Access Privilege Option
228
Configure the Switch to Access a RADIUS Server
230
Configure the Switch's Global RADIUS Parameters
233
Using Multiple RADIUS Server Groups
237
Enhanced Commands
238
Displaying the RADIUS Server Group Information
240
Cached Reauthentication
242
Timing Considerations
243
Using SNMP to View and Configure
246
Switch Authentication Features
246
Changing and Viewing the SNMP Access Configuration
247
Local Authentication Process
250
Controlling WebAgent Access
251
Commands Authorization
252
Enabling Authorization
253
Displaying Authorization Information
254
Example Configuration on Cisco Secure ACS for MS Windows
256
Example Configuration Using FreeRADIUS
259
VLAN Assignment in an Authentication Session
260
Additional RADIUS Attributes
261
Accounting Services
264
Operating Rules for RADIUS Accounting
265
Acct-Session-ID Options in a Management Session
266
Common Acct-Session-ID Operation
268
Configuring RADIUS Accounting
269
Configure the Switch to Access a RADIUS Server
270
(Optional) Reconfigure the Acct-Session-ID Operation
272
Reports to the RADIUS Server
273
Updating Options
277
Viewing RADIUS Statistics
278
RADIUS Authentication Statistics
280
RADIUS Accounting Statistics
282
Changing RADIUS-Server Access Order
283
Dynamic Removal of Authentication
286
Limits
286
Displaying the Port-Access Information
288
Operating Notes
289
Overview
291
Overview
292
Optional PCM and IDM Network Management Applications
292
RADIUS Server Configuration for CoS (802.1p Priority) and Rate-Limiting
293
Applied Rates for RADIUS-Assigned Rate Limits
295
Viewing the Currently Active Per-Port CoS and Rate-Limiting Configuration Specified by a RADIUS Server
297
Configuring and Using Dynamic (RADIUS-Assigned) Access Control Lists
301
Overview of RADIUS-Assigned, Dynamic ACLs
304
Contrasting RADIUS-Assigned and Static ACLs
306
To a Client on a Switch Port
308
General ACL Features, Planning, and Configuration
309
The Packet-Filtering Process
310
Configuring an ACL in a RADIUS Server
312
Nas-Filter-Rule-Options
313
ACE Syntax in RADIUS Servers
315
Example Using the Standard Attribute (92) in an IPv4 ACL
317
Example Using HP VSA 63 to Assign IPv6 and/or IPv4 ACLs
319
Example Using HP VSA 61 to Assign IPv4 ACLs
322
FreeRADIUS "Users" File
323
Configuration Notes
324
ACLs
325
On the Switch
327
Event Log Messages
332
Overview
333
Terminology
335
Overview
336
Prerequisite for Using SSH
336
Steps for Configuring and Using SSH
337
Public Key Formats
337
For Switch and Client Authentication
337
General Operating Rules and Notes
339
General Operating Rules and Notes
340
Configuring the Switch for SSH Operation
340
Enable (Manager) Password
341
Configuring Key Lengths
344
Client Contact Behavior
347
Configuring the Switch for SSH Authentication
352
Use an SSH Client to Access the Switch
356
Further Information on SSH Client Public-Key Authentication
357
Messages Related to SSH Operation
363
Overview
365
Overview
366
9 Configuring Secure Socket Layer (SSL)
366
Terminology
366
Prerequisite for Using SSL
368
General Operating Rules and Notes
369
General Operating Rules and Notes
370
Authentication
370
Configuring the Switch for SSL Operation
370
With the CLI
371
Comments on Certificate Fields
372
Generate a Self-Signed Host Certificate with the WebAgent
374
WebAgent
375
Browser Contact Behavior
377
Using the CLI Interface to Enable SSL
378
Common Errors in SSL Setup
380
Introduction
381
Overview of Options for Applying IPv4 ACLs on the Switch
383
Command Summary for Standard IPv4 ACLs
385
Command Summary for IPv4 Extended ACLs
386
Displaying ACLs
387
Terminology
388
Overview
393
RACL Applications
394
VACL Applications
396
RADIUS-Assigned (Dynamic) Port ACL Applications
397
Multiple ACLs on an Interface
399
Features Common to All ACL Applications
402
General Steps for Planning and Configuring ACLs
403
IPv4 Static ACL Operation
405
The Packet-Filtering Process
406
Planning an ACL Application
409
Security
411
IPv4 ACL Configuration and Operating Rules
412
How an ACE Uses a Mask to Screen Packets for Matches
415
Access Control Entry (ACE)
416
Configuring and Assigning an IPv4 ACL
420
Options for Permit/Deny Policies
421
Standard ACL Structure
422
Extended ACL Configuration Structure
423
ACL Configuration Factors
425
Allowing for the Implied Deny Function
427
Using the CLI to Create an ACL
428
Using CIDR Notation to Enter the IPv4 ACL Mask
429
Configuring Standard ACLs
430
Configuring Named, Standard ACLs
432
Creating Numbered, Standard ACLs
435
Configuring Extended ACLs
439
Configuring Named, Extended ACLs
441
Configuring Numbered, Extended ACLs
454
Adding or Removing an ACL Assignment on an Interface
461
Filtering IPv4 Traffic Inbound on a VLAN
462
Filtering Inbound IPv4 Traffic Per Port
463
Deleting an ACL
465
Editing an Existing ACL
466
Sequence Numbering in Acls
467
Inserting an ACE in an Existing ACL
468
Deleting an ACE from an Existing ACL
470
Resequencing the ACEs in an ACL
471
Attaching a Remark to an ACE
472
Operating Notes for Remarks
475
Displaying ACL Configuration Data
477
Display an ACL Summary
478
Display the Content of All ACLs on the Switch
479
Display the RACL and VACL Assignments for a VLAN
480
Display Static Port (and Trunk) ACL Assignments
481
Displaying the Content of a Specific ACL
483
Display All ACLs and Their Assignments in the Routing Switch Startup-Config File and Running-Config File
486
Creating or Editing ACLs Offline
487
Example of Using the Offline Process
488
Enable ACL "Deny" Logging
492
Enable ACL “Deny” Logging
493
ACL Logging Operation
493
Enabling ACL Logging on the Switch
494
Configuring the Logging Timer
496
Monitoring Static ACL Performance
497
Example of ACL Performance Monitoring
499
Example of Resetting ACE Hit Counters to Zero
501
IPv6 Counter Operation with Multiple Interface Assignments
502
IPv4 Counter Operation with Multiple Interface Assignments
503
General ACL Operating Notes
508
Introduction
511
Introduction
512
DHCP Snooping
512
Overview
513
Enabling DHCP Snooping
514
Enabling DHCP Snooping on VLANs
516
Configuring Authorized Server Addresses
517
Using DHCP Snooping with Option 82
518
Changing the Remote-ID from a MAC to an IP Address
520
The DHCP Binding Database
521
Operational Notes
522
Log Messages
523
Dynamic ARP Protection
525
Enabling Dynamic ARP Protection
527
Adding an IP-To-MAC Binding to the DHCP Database
529
Configuring Additional Validation Checks on ARP Packets
530
Displaying ARP Packet Statistics
531
Monitoring Dynamic ARP Protection
532
Dynamic IP Lockdown
533
Protection against IP Source Address Spoofing
533
Filtering IP and MAC Addresses Per-Port and Per-VLAN
534
Enabling Dynamic IP Lockdown
535
Adding an IP-To-MAC Binding to the DHCP Binding Database
537
Adding a Static Binding
538
Displaying the Static Configuration of IP-To-MAC Bindings
539
Debugging Dynamic IP Lockdown
540
Differences between Switch Platforms
541
Using the Instrumentation Monitor
543
Operating Notes
544
Configuring Instrumentation Monitor
545
Examples
546
Viewing the Current Instrumentation Monitor Configuration
547
Overview
549
Introduction
550
Filter Types and Operation
551
Example
552
Named Source-Port Filters
553
Operating Rules for Named Source-Port Filters
554
Viewing a Named Source-Port Filter
556
Static Multicast Filters
562
Protocol Filters
563
Configuring Traffic/Security Filters
564
Configuring a Source-Port Traffic Filter
565
Example of Creating a Source-Port Filter
566
Editing a Source-Port Filter
567
Configuring a Multicast or Protocol Traffic Filter
568
Filter Indexing
569
Displaying Traffic/Security Filters
570
Overview
573
User Authentication Methods
574
802.1X User-Based Access Control
575
Alternative to Using a RADIUS Server
576
Terminology
580
General 802.1X Authenticator Operation
580
VLAN Membership Priority
581
General Operating Rules and Notes
583
General Setup Procedure for 802.1X Access Control
585
Overview: Configuring 802.1X Authentication on the Switch
588
Configuring Switch Ports as 802.1X Authenticators
589
Enable 802.1X Authentication on Selected Ports
590
Port-Based Authentication
591
Example: Configuring User-Based 802.1X Authentication
592
Reconfigure Settings for Port-Access
593
Configure the 802.1X Authentication Method
596
Enter the RADIUS Host IP Address(es)
597
Enable 802.1X Authentication on the Switch
598
Optional: Reset Authenticator Operation
599
Wake-On-LAN Traffic
600
Operating Notes
601
Characteristics of Mixed Port Access Mode
602
Configuring Mixed Port Access Mode
603
802.1X Open VLAN Mode
604
VLAN Membership Priorities
605
Unauthorized-Client VLANs
611
Setting up and Configuring 802.1X Open VLAN Mode
615
802.1X Open VLAN Operating Notes
620
Option for Authenticator Ports: Configure Port-Security to Allow Only 802.1X-Authenticated Devices
621
To Allow Only 802.1X-Authenticated Devices
622
Option for Authenticator Ports: Configure Port-Security
622
Port-Security
622
Configuring Switch Ports to Operate as Supplicants for 802.1X Connections to Other Switches
623
Supplicants for 802.1X Connections to Other Switches
625
Supplicant Port Configuration
625
Displaying 802.1X Configuration, Statistics, and Counters
627
Viewing 802.1X Open VLAN Mode Status
636
Show Commands for Port-Access Supplicant
640
How RADIUS/802.1X Authentication Affects VLAN Operation
641
VLAN Assignment on a Port
642
Authentication Session
644
In Authentication Sessions
647
Overview
649
Overview
650
Port Security
650
Eavesdrop Prevention
651
Feature Interactions When Eavesdrop Prevention Is Disabled
652
MIB Support
653
Trunk Group Exclusion
654
Planning Port Security
655
Port Security Command Options and Operation
656
Configuring Port Security
660
Retention of Static Addresses
665
MAC Lockdown
671
Differences between MAC Lockdown and Port Security
672
MAC Lockdown Operating Notes
674
Deploying MAC Lockdown
675
MAC Lockout
679
Port Security and MAC Lockout
681
Reading Intrusion Alerts and Resetting Alert Flags
682
How the Intrusion Log Operates
683
And Resetting Alert Flags
684
Using the Event Log to Find Intrusion Alerts
686
Operating Notes for Port Security
687
Overview
689
Options
691
Access Levels
692
Defining Authorized Management Stations
692
Menu: Viewing and Configuring IP Authorized Managers
693
CLI: Viewing and Configuring Authorized IP Managers
694
Configuring IP Authorized Managers for the Switch
695
WebAgent: Configuring IP Authorized Managers
697
WebAgent: Configuring IP Authorized Managers
698
Web Proxy Servers
698
Building IP Masks
699
Additional Examples for Authorizing Multiple Stations
701
Operating Notes
702
Overview
703
Terminology
704
Configuring Key Chain Management
704
Assigning a Time-Independent Key to a Chain
705
Assigning Time-Dependent Keys to a Chain
707