ProCurve 5300xl Specifications Page 24

The management VLAN is useful when higher switch security is desired. It prevents general
switch function access by anyone other than those on the management VLAN. The management
VLAN cannot be designated an XRRP backup VLAN.
SNMPv3
Many functions of the ProCurve 5300xl Switch Series can be monitored, and the switch
configuration can even be changed, through the switch’s MIBs. The standard method of querying
the switch’s MIBs for network management is through SNMP, the Simple Network Management
Protocol.
Before version 3, SNMP used clear text across the network. On some networks this
has been viewed as a potentially serious security concern. One way around this has been to use a
network-management-specific VLAN (see the section above on Management VLAN), but this can
be restrictive and is not a viable solution in many environments, particularly remote
environments.
SNMPv3 provides security for the SNMP communications across the web, including an
encryption mechanism to encrypt packet information. The three levels of security available in
SNMPv3 are:
  • Authentication between the SNMP initiator and the 5300 switch based on username. This is
    not very secure.
  • Authentication between the SNMP initiator and the 5300 switch based on MD5 or SHA
    algorithms. This provides better security for the passwords as they are encrypted. Actual
    SNMP communication after login is still clear text and not secure.
  • Authentication between the SNMP initiator and the 5300 switch based on MD5 or SHA
    algorithms and encryption via 56-bit key DES. Passwords are protected and further SNMP
    communication is encrypted across the network. Querying and control via SNMP cannot be
    viewed outside the encrypted session.
With SNMPv3 those sites that are concerned with the possibility of packet snooping can turn on
encryption allowing secure communication between the network management application and
the switch.
Manager Authorized List
The ProCurve 5300xl Switch Series Manager Authorized List can be configured with up to ten IP
addresses that have management access to the switch. The list, along with Management VLANs
and console passwords, provides a way to tightly limit who has access to the switch console.
If no addresses are in this list (the default), any source IP address can send a packet to the
switch’s management agent. If you do have addresses in this list and you are using a
management VLAN, addresses on the list must be members of the management VLAN to
obtain switch login.
Custom Banner Page
The ProCurve 5300xl Switch Series allows custom messages (max 320 characters) to be displayed
any time a user accesses the management interface of the switch. These custom banners
can be used to display switch access policies or login messages whenever a user accesses the
switch through the serial console, telnet, SSH or the Web Interface.
Intrusion Logs
Whenever a security violation occurs on a port, the switch detects an intrusion attempt on that
port and enters a record of this event in the Intrusion Log. No further intrusion attempts on
that port will appear in the Log until the network administrator acknowledges the earlier intrusion
event by resetting the alert flag. The Intrusion Log lists the 20 most recently detected security
violation attempts, regardless of whether the alert flags for these attempts have been reset.
This gives the network administrator a history of past intrusion attempts.
The log shows the most recent intrusion at the top of the listing. The intrusion log entries
cannot be deleted (unless the switch is reset to its factory-default configuration). Instead, if the
log is filled when the switch detects a new intrusion, the oldest entry is dropped off the listing
and the newest entry appears at the top of the listing.
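The flag-and-log behaviour described above, modelled as an added Python example (not ProCurve code or switch output). The entry fields, port names and the `suppressed` counter are assumptions made for illustration; the counter exists only to show the attempts that, per the text, do not appear in the Log while a port's alert flag is set.

```python
from collections import deque
from dataclasses import dataclass, field

LOG_SIZE = 20  # per the text: the 20 most recently detected violations


@dataclass
class IntrusionLog:
    """Toy model of the flag-and-log behaviour above; not switch firmware."""
    entries: deque = field(default_factory=lambda: deque(maxlen=LOG_SIZE))
    flagged: set = field(default_factory=set)       # ports with alert flag set
    suppressed: dict = field(default_factory=dict)  # assumption: unlogged count

    def violation(self, port, detail, when):
        """Handle a security violation; return True if a log entry was made."""
        if port in self.flagged:
            # Flag not yet reset: further attempts on this port are not logged.
            self.suppressed[port] = self.suppressed.get(port, 0) + 1
            return False
        self.flagged.add(port)
        # Newest entry goes on top; a full deque drops the oldest at the bottom.
        self.entries.appendleft(
            {"port": port, "detail": detail, "when": when, "alert": True})
        return True

    def reset_flag(self, port):
        """Administrator acknowledges the event; the entries stay in the log."""
        self.flagged.discard(port)
        for entry in self.entries:
            if entry["port"] == port:
                entry["alert"] = False

    def listing(self):
        return list(self.entries)


def demo():
    log = IntrusionLog()
    # Constructed events: port names, details and ticks are made up.
    log.violation("A1", "first attempt", 1)
    log.violation("A1", "second attempt", 2)   # not logged, flag still set
    log.reset_flag("A1")
    log.violation("A1", "third attempt", 3)    # logged again
    for n in range(1, 26):                     # 25 violations on other ports
        log.violation(f"B{n}", "attempt", 3 + n)
    return log


if __name__ == "__main__":
    for row in demo().listing():
        print(row)
```

On the constructed events, the second attempt on A1 leaves no entry at all, which is why alert flags are worth reviewing and resetting promptly rather than left set.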