ProCurve 5300xl Specifications Page 23
- Page / 36
- Table of contents
- BOOKMARKS
Rated. / 5. Based on customer reviews
23
Port Security - MAC Lockdown
The 802.1X standard provides logical security to the network based on a user. There are many
times, however, when physical access limitations are desired. The Port Security - MAC
Lockdown feature limits physical access to a particular port on the switch by one of two
methods: a particular list of MAC addresses (up to 8 addresses per port can be configured), or
to the first MAC address the switch sees on that port. While this solution doesn’t help with a
switch port that legitimately sees a large number of MAC addresses, such as in a conference
room, it does provide security to a port used by a shared PC or dedicated PC by locking out
other PCs that try to access the switch port, even when the port is network enabled through
802.1X.
The Port Security feature can be set to send an SNMP trap to a management station when such
a violation occurs. It can also be set to completely disable the switch port (requiring the
network manager to re-enable the port before use), a feature for use in high security
environments, or an environment subject to potential hacking, such as a college dorm room.
Eavesdrop Protection
Configuring port security on ProCurve 5300xl Series switch port automatically enables
eavesdrop protection for that port. This prevents use of the port to flood unicast packets
addressed to MAC addresses unknown to the switch. This blocks unauthorized users from
eavesdropping on traffic intended for addresses that have aged-out of the switch’s address
table. (Eavesdrop prevention does not affect multicast and broadcast traffic, meaning that the
switch floods these two traffic types out a given port regardless of whether port security is
enabled on that port.)
Secure Shell – SSH v1 and v2
Secure Shell is an application very similar to telnet except that it encrypts the dialog so that in-
band CLI sessions can be kept private over the network. Encryption is done through the use of
public/private key pairs, one pair for host authentication and one pair for each SSH session that
is initiated.
The host key pair is used to authenticate the SSH client and switch to each other. The host key
pair is stored in flash, so is not lost on reboot, power-cycle or by clearing the config file.
Although not necessary or recommended, a new host key pair can be generated through the
CLI.
The session key pair is used to authenticate the SSH session. A new key pair is used for each
SSH session. Keys are kept in RAM and are lost on power-cycle or reboot. When the ProCurve
5300xl Switch Series is rebooted, new session key pairs are generated. With a key pair taking
about 12 seconds to generate, 10 keys are generated on boot up and placed in a cache to
prevent delays when starting up SSH sessions rapidly in succession. Filling this key cache takes
about 2 minutes and is CPU intensive. To keep this process from affecting other switch
functions, it is designated low priority for the CPU. Because the CPU is doing many things at
boot up, key pair generation doesn’t start until about one minute after boot up. This means that
an SSH session, waiting for the first session key pair generation, cannot be established until a
little over a minute after boot up.
The ProCurve 5300xl Switch Series support both SSHv1 and SSHv2 clients. SSHv2 provides an
additional level of security in that the public key negotiation is accomplished via a Diffie-Hellman
exchange that is not done under SSHv1.
SSL – Secure Sockets Layer
SSL can be used to encrypt the exchange between a web browser and the 5300 switch when
using the ProCurve 5300xl Switch Series web GUI.
A facility is provided on the GUI interface to generate a self-signed RSA certificate for use
during a SSL browser session.
Management VLAN
The ProCurve 5300xl Switch Series can be configured to designate one of the VLANs to be the
management VLAN. When this is configured the internal IP address of the switch becomes a
member solely of the management VLAN. Since access to the switch IP address is necessary for
telnet/SSH, GUI, and SNMP access, other members of this VLAN are the only ones that can
manage the switch.
- Reviewers Guide 1
- Background 4
- Product Overview 5
- Fabric Buffer 6
- Cross Bar Fabric 6
- CPU Interface 6
- The Master CPU 7
- Performance 8
- 100BT Ports 9
- Throughput Test Comments 9
- Copper Gig Ports 9
- Latency Test Comments 9
- Features and Benefits 10
- High Availability 12
- Figure 2. Switch Meshing 14
- Prioritization / QoS 16
- Security 17
- TACACS+ Authentication 22
- SSL – Secure Sockets Layer 23
- Management VLAN 23
- Port Security - MAC Lockdown 23
- Secure Shell – SSH v1 and v2 23
- Bandwidth Management 25
- Network Management 28
- Redundancy 31
- Service and Support 31
- Appendix 33
- ProCurve Networking Web Site 35
- To find out more about 36
- ProCurve Networking 36
Related products and manuals for Network switches ProCurve 5300xl
Network switches ProCurve 2900 User's Guide
(104 pages)
(104 pages)
(12 pages)
Network switches ProCurve 6400cl User's Guide
(718 pages)
(718 pages)
Network switches ProCurve 3500yl User Manual
(15 pages)
(15 pages)
Network switches ProCurve 8212zl Manual
(667 pages)
(667 pages)
Network switches ProCurve 6200yl User Manual
(14 pages)
(14 pages)
Network switches ProCurve 3500yl User Manual
(16 pages)
(16 pages)
Network switches ProCurve 5300xl Specifications
(108 pages)
(108 pages)
Network switches ProCurve 5400zl Specifications
(110 pages)
(110 pages)
Network switches ProCurve 8200zl User's Guide
(360 pages)
(360 pages)
Network switches ProCurve 8200zl User's Guide
(195 pages)
(195 pages)
Network switches ProCurve 6200yl Specifications
(130 pages)
(130 pages)
Network switches ProCurve 2900 User Manual
(15 pages)
(15 pages)
© 2020, manymanuals.com. All rights reserved. | 0.744 s |
Manymanuals.com
Manymanuals.de
Manymanuals.fr
Manymanuals.it
Manymanuals.pl
Manymanuals.cz
Manymanuals.es
Manymanuals-pt.com
Comments to this Manuals