ProCurve 6200yl User's Guide Page 299
- Page / 596
- Table of contents
- BOOKMARKS
Rated. / 5. Based on customer reviews
10-13
Access Control Lists (ACLs)
Terminology
Named ACL: An ACL created with the ip access-list < extended | standard >
< name-str > command and then populated using the < deny | permit >
command in the Named ACL (nacl) CLI context. (Refer to “Entering the
“Named ACL” (nacl) Context” on page 10-53.)
Numbered ACL: An ACL created and initially populated by using the access-
list < 1-99 | 100 - 199 > command. (Refer to “Creating or Adding to a Standard,
Numbered ACL” on page 10-57.) After a numbered ACL has been created,
the switch manages it in the same way as a named ACL, meaning that it
can be applied and edited in the same way as a named ACL.
Outbound Traffic: For defining the points where the switch applies an RACL
to filter IP traffic, outbound traffic is routed IP traffic leaving the switch
through a VLAN interface (or a subnet in a multinetted VLAN). “Outbound
traffic” can also apply to switched IP traffic leaving the switch on a VLAN
interface, but VACLs do not filter outbound switched IP traffic. (Refer also
to “ACL Applications” on page 10-15.)
Permit: An ACE configured with this action allows the switch to forward a
routed IP packet for which there is a match within an applicable ACL.
Permit Any Forwarding: An ACE configured with this action causes the
switch to forward all routed IP packets that have not been permitted or
denied by earlier ACEs in the list. In a standard ACL, this is permit any. In
an extended ACL, it is permit ip any any.
RACL: See “Routed ACL”.
RADIUS-Assigned ACL: See “Dynamic Port ACL”.
remark-str: The term used in ACL syntax statements to represent the variable
“remark string”; a set of alphanumeric characters you can include in a
remark in an ACL. A remark string can include up to 100 characters and
must be delimited by single or double quotes if any spaces are included
in the string.
Routed ACL (RACL): An ACL applied to routed IP traffic that is entering or
leaving the switch on a given VLAN. See also “Access Control List”.
SA: The acronym for Source IP Address. In an IP packet, this is the source IP
address carried in the IP header, and identifies the packet’s sender. In a
standard ACE, this is the IP address used by the ACE to determine whether
there is a match between a packet and the ACE. In an extended ACE, this
is the first of two IP addresses used by the ACE to determine whether
there is a match between a packet and the ACE. See also “DA”.
- ProCurve Switches 1
- ProCurve 3
- Series 5400zl Switches 3
- Series 3500yl Switches 3
- 6200yl Switch 3
- Hewlett-Packard Company 4
- 3 Virus Throttling 7
- 4 Web and MAC Authentication 8
- 5 TACACS+ Authentication 8
- 13 Configuring Port-Based and 17
- 16 Key Management System 20
- Product Documentation 21
- Software Feature Index 22
- Intelligent Edge Software 23
- Features 23
- Security Overview 27
- Introduction 28
- Switch Access Security 29
- Note on SNMP 31
- Access to 31
- Secure File Transfers 32
- Authorized IP Managers 33
- Secure Management VLAN 33
- RADIUS Authentication 33
- Network Security Features 34
- Secure Shell (SSH) 35
- Traffic/Security Filters 36
- Advanced Threat Detection 38
- Identity-Driven Manager (IDM) 39
- Menu: Setting Passwords 45
- Front-Panel Security 48
- When Security Is Important 49
- Front-Panel Button Functions 50
- Reset Button 51
- Password Recovery 58
- [Y] (for “Yes”) 59
- [N] (for “No”) 59
- Password Recovery Process 60
- Virus Throttling 61
- Features and Benefits 64
- General Operation 65
- Application Options 66
- Operating Rules 67
- Sensitivity 71
- Configuring and Applying 79
- Connection-Rate ACLs 79
- Connection-Rate ACL Operation 80
- Source IP Address Criteria 81
- Criteria 83
- Applying Connection-Rate ACLs 86
- Client Options 95
- General Features 95
- Authenticator Operation 97
- MAC-based Authentication 99
- Web and MAC Authentication 100
- Terminology 101
- Operating Rules and Notes 102
- Authentication 104
- RADIUS Server 106
- Overview 109
- Configuration Overview 123
- Client Status 131
- TACACS+ Authentication 133
- Terminology Used in TACACS 135
- Applications: 135
- General System Requirements 137
- Note on 139
- Privilege Levels 139
- Before You Begin 140
- Configuration 141
- Server Contact Configuration 142
- Caution Regarding 145
- Login Primary 145
- Encryption Keys 148
- First-Choice TACACS+ Server 150
- How Authentication Operates 152
- Local Authentication Process 154
- Using the Encryption Key 155
- Access When Using TACACS+ 156
- Messages Related to TACACS+ 157
- Operation 157
- Operating Notes 157
- Contents 159
- Accounting Services 162
- Configuration MIB 162
- You Want RADIUS To Protect 168
- (hpSwitchAuth) is disabled 179
- Commands Authorization Type 182
- Configuring the RADIUS Server 184
- Configuring RADIUS Accounting 190
- Interim Updating Options 196
- Viewing RADIUS Statistics 198
- RADIUS Accounting Statistics 201
- as both the primary 205
- Configuring and Using 214
- The Packet-filtering Process 222
- ■ vendor and ACL identifiers: 224
- Configuration Notes 228
- ACEs in the list 229
- Event Log Messages 234
- After Authenticating 235
- Monitoring Shared Resources 235
- Prerequisite for Using SSH 241
- Public Key Formats 241
- Host Public 248
- Key for the 248
- Bit Size 249
- Exponent <e> 249
- Modulus <n> 249
- Client Contact Behavior 251
- ■ Execute no ip ssh 252
- Note on Port 253
- Public-Key Authentication 258
- Bit Size Exponent <e> 259
- Note on Public 261
- Key Index Number 262
- Prerequisite for Using SSL 269
- Password Button 272
- Security Tab 272
- Generate New Key 275
- Enter certificate Arguments 275
- Generate New Certificate 275
- Show host certificate command 276
- [SSL] button 278
- Web browser interface 279
- Browser Contact Behavior 281
- Common Errors in SSL setup 285
- Access Control Lists (ACLs) 287
- Static ACLS 291
- Dynamic Port ACLs 291
- RACL Applications 302
- VACL Applications 304
- Multiple ACLs on an Interface 306
- ACL Operation 312
- Planning an ACL Application 316
- Security 318
- Access Control Entry (ACE) 323
- IP Address Mask 324
- ACL Configuration Structure 328
- Standard ACL Structure 329
- ACL Configuration Factors 332
- General ACE Rules 335
- Configuring Standard ACLs 337
- 10-14 on page 10-55 345
- Configuring Extended ACLs 346
- [Shift] [?] key combination 355
- On an Interface 367
- Deleting an ACL 371
- Editing an Existing ACL 372
- Sequence Numbering in ACLs 373
- Attaching a Remark to an ACE 378
- Operating Notes for Remarks 381
- Display an ACL Summary 383
- Indicates whether the ACL 387
- The Offline Process 390
- ■ ID: “LIST-20-IN” 391
- Enable ACL “Deny” Logging 395
- ACL Logging Operation 396
- General ACL Operating Notes 399
- DHCP Snooping 403
- Enabling DHCP Snooping 404
- The DHCP Binding Database 411
- Enabling Debug Logging 412
- Operational Notes 412
- Log Messages 413
- Dynamic ARP Protection 415
- Configuring Trusted Ports 417
- Examples 425
- Filter Types and Operation 431
- Source-Port Filters 432
- Named Source-Port Filters 434
- [ index ] 436
- Static Multicast Filters 443
- Protocol Filters 444
- * ), indicating that the 447
- Editing a Source-Port Filter 448
- Filter Indexing 450
- Configuring Port-Based and 453
- User Authentication Methods 456
- as defined in the 459
- 802.1X standard 459
- VLAN Membership Priority 462
- Access Control 466
- Authenticators 468
- Based Authentication 470
- Wake-on-LAN Traffic 476
- 802.1X Open VLAN Mode 478
- VLAN Membership Priorities 479
- Unauthorized-Client VLANs 485
- Configure Port-Security 494
- Port-Security 495
- Other Switches 496
- Supplicant Port Configuration 498
- Statistics, and Counters 500
- ■ Unauth-VLAN ID (if any) 501
- ■ Auth-VLAN ID (if any) 501
- ■ The switch reboots 507
- Affects VLAN Operation 508
- After the 802.1X session 511
- < port-number >: 513
- Port Security 518
- Eavesdrop Protection 519
- Blocking Unauthorized Traffic 519
- Trunk Group Exclusion 520
- Planning Port Security 521
- Port Security Display Options 522
- Configuring Port Security 526
- listing 529
- use this command syntax: 529
- Retention of Static Addresses 532
- MAC Lockdown 537
- MAC Lockdown Operating Notes 540
- Deploying MAC Lockdown 541
- MAC Lockout 545
- < = 1024 16 16 546
- 1025-2048 8 8 546
- Port Security and MAC Lockout 547
- Security Features 548
- Alert Flags 548
- Send-Disable 550
- Resetting Alert Flags 551
- Yes” for the port on which 552
- Using Authorized IP Managers 559
- Access Levels 561
- Stations 562
- Managers 563
- Building IP Masks 567
- IP Entry 568
- Key Management System 573
- Numerics 581
- 2 – Index 582
- See also port based 582
- Index – 3 583
- See sequence, ACEs 583
- 4 – Index 584
- Index – 5 585
- 6 – Index 586
- Index – 7 587
- 8 – Index 588
- Index – 9 589
- 10 – Index 590
- Index – 11 591
- 12 – Index 592
- Index – 13 593
- 14 – Index 594
- 5991-3828 596
Related products and manuals for Network switches ProCurve 6200yl
Network switches ProCurve 8200zl User Manual
(12 pages)
(12 pages)
Network switches ProCurve 5400zl User Manual
(33 pages)
(33 pages)
Network switches ProCurve 5400zl Specifications
(765 pages)
(765 pages)
Network switches ProCurve 2900 User's Guide
(104 pages)
(104 pages)
(12 pages)
Network switches ProCurve 6400cl User's Guide
(718 pages)
(718 pages)
Network switches ProCurve 3500yl User Manual
(15 pages)
(15 pages)
Network switches ProCurve 8212zl Manual
(667 pages)
(667 pages)
Network switches ProCurve 6200yl User Manual
(14 pages)
(14 pages)
Network switches ProCurve 3500yl User Manual
(16 pages)
(16 pages)
Network switches ProCurve 5300xl Specifications
(108 pages)
(108 pages)
Network switches ProCurve 5400zl Specifications
(110 pages)
(110 pages)
Network switches ProCurve 8200zl User's Guide
(360 pages)
(360 pages)
Network switches ProCurve 8200zl User's Guide
(195 pages)
(195 pages)
© 2020, manymanuals.com. All rights reserved. | 0.305 s |
Manymanuals.com
Manymanuals.de
Manymanuals.fr
Manymanuals.it
Manymanuals.pl
Manymanuals.cz
Manymanuals.es
Manymanuals-pt.com
Comments to this Manuals