ProCurve 6200yl User's Guide Page 298
- Page / 596
- Table of contents
- BOOKMARKS
Rated. / 5. Based on customer reviews
10-12
Access Control Lists (ACLs)
Terminology
identifier: The term used in ACL syntax statements to represent either the
name or number by which the ACL can be accessed. See also name-str.
Note: RADIUS-assigned ACLs are identified by client authentication data
and do not use the identifiers described in this chapter.
Implicit Deny: If the switch finds no matches between an IP packet and the
configured criteria in an applicable ACL, then the switch denies (drops)
the packet with an implicit deny any function (for standard ACLs) or an
implicit deny ip any any function (for extended ACLs). You can preempt
the Implicit Deny in a given ACL by configuring a permit any (standard) or
permit IP any any (extended) as the last explicit ACE in the ACL. Doing so
permits any IP packet that is not explicitly permitted or denied by other
ACEs configured sequentially earlier in the ACL. Unless otherwise noted,
Implicit Deny refers to the “deny” function enforced by both standard and
extended ACLs.
Inbound Traffic: For the purpose of defining where the switch applies ACLs
to filter IP traffic, inbound traffic is any IP packet that meets one of the
following criteria:
• Routed ACL (RACL): Inbound traffic is any IP packet entering the
switch on a VLAN interface (or a subnet in a multinetted VLAN) with
a destination IP address (DA) that is for any of the following:
– an external device on a different VLAN or subnet than the inter-
face on which it arrived
– an IP address configured on the switch itself
– a broadcast
Note that, except for IP traffic addressed to the switch itself, and
outbound IP traffic generated by the switch, routing must be config-
ured on the switch to enable support for RACL applications.
• VLAN ACL (VACL): Inbound traffic is any IP packet entering the
switch on a VLAN interface (or a subnet in a multinetted VLAN).
• Static Port ACL: Inbound traffic is any IP packet entering the switch
on the port.
• Dynamic Port ACL: Where a RADIUS server has authenticated a client
and assigned an ACL to the port to filter the client’s IP traffic, inbound
traffic is any IP packet entering the switch from that client.
name-str: The term used in extended ACL syntax statements to represent the
“name string”; the alphanumeric string used to identify the ACL. See also
identifier and ACL-ID.
- ProCurve Switches 1
- ProCurve 3
- Series 5400zl Switches 3
- Series 3500yl Switches 3
- 6200yl Switch 3
- Hewlett-Packard Company 4
- 3 Virus Throttling 7
- 4 Web and MAC Authentication 8
- 5 TACACS+ Authentication 8
- 13 Configuring Port-Based and 17
- 16 Key Management System 20
- Product Documentation 21
- Software Feature Index 22
- Intelligent Edge Software 23
- Features 23
- Security Overview 27
- Introduction 28
- Switch Access Security 29
- Note on SNMP 31
- Access to 31
- Secure File Transfers 32
- Authorized IP Managers 33
- Secure Management VLAN 33
- RADIUS Authentication 33
- Network Security Features 34
- Secure Shell (SSH) 35
- Traffic/Security Filters 36
- Advanced Threat Detection 38
- Identity-Driven Manager (IDM) 39
- Menu: Setting Passwords 45
- Front-Panel Security 48
- When Security Is Important 49
- Front-Panel Button Functions 50
- Reset Button 51
- Password Recovery 58
- [Y] (for “Yes”) 59
- [N] (for “No”) 59
- Password Recovery Process 60
- Virus Throttling 61
- Features and Benefits 64
- General Operation 65
- Application Options 66
- Operating Rules 67
- Sensitivity 71
- Configuring and Applying 79
- Connection-Rate ACLs 79
- Connection-Rate ACL Operation 80
- Source IP Address Criteria 81
- Criteria 83
- Applying Connection-Rate ACLs 86
- Client Options 95
- General Features 95
- Authenticator Operation 97
- MAC-based Authentication 99
- Web and MAC Authentication 100
- Terminology 101
- Operating Rules and Notes 102
- Authentication 104
- RADIUS Server 106
- Overview 109
- Configuration Overview 123
- Client Status 131
- TACACS+ Authentication 133
- Terminology Used in TACACS 135
- Applications: 135
- General System Requirements 137
- Note on 139
- Privilege Levels 139
- Before You Begin 140
- Configuration 141
- Server Contact Configuration 142
- Caution Regarding 145
- Login Primary 145
- Encryption Keys 148
- First-Choice TACACS+ Server 150
- How Authentication Operates 152
- Local Authentication Process 154
- Using the Encryption Key 155
- Access When Using TACACS+ 156
- Messages Related to TACACS+ 157
- Operation 157
- Operating Notes 157
- Contents 159
- Accounting Services 162
- Configuration MIB 162
- You Want RADIUS To Protect 168
- (hpSwitchAuth) is disabled 179
- Commands Authorization Type 182
- Configuring the RADIUS Server 184
- Configuring RADIUS Accounting 190
- Interim Updating Options 196
- Viewing RADIUS Statistics 198
- RADIUS Accounting Statistics 201
- as both the primary 205
- Configuring and Using 214
- The Packet-filtering Process 222
- ■ vendor and ACL identifiers: 224
- Configuration Notes 228
- ACEs in the list 229
- Event Log Messages 234
- After Authenticating 235
- Monitoring Shared Resources 235
- Prerequisite for Using SSH 241
- Public Key Formats 241
- Host Public 248
- Key for the 248
- Bit Size 249
- Exponent <e> 249
- Modulus <n> 249
- Client Contact Behavior 251
- ■ Execute no ip ssh 252
- Note on Port 253
- Public-Key Authentication 258
- Bit Size Exponent <e> 259
- Note on Public 261
- Key Index Number 262
- Prerequisite for Using SSL 269
- Password Button 272
- Security Tab 272
- Generate New Key 275
- Enter certificate Arguments 275
- Generate New Certificate 275
- Show host certificate command 276
- [SSL] button 278
- Web browser interface 279
- Browser Contact Behavior 281
- Common Errors in SSL setup 285
- Access Control Lists (ACLs) 287
- Static ACLS 291
- Dynamic Port ACLs 291
- RACL Applications 302
- VACL Applications 304
- Multiple ACLs on an Interface 306
- ACL Operation 312
- Planning an ACL Application 316
- Security 318
- Access Control Entry (ACE) 323
- IP Address Mask 324
- ACL Configuration Structure 328
- Standard ACL Structure 329
- ACL Configuration Factors 332
- General ACE Rules 335
- Configuring Standard ACLs 337
- 10-14 on page 10-55 345
- Configuring Extended ACLs 346
- [Shift] [?] key combination 355
- On an Interface 367
- Deleting an ACL 371
- Editing an Existing ACL 372
- Sequence Numbering in ACLs 373
- Attaching a Remark to an ACE 378
- Operating Notes for Remarks 381
- Display an ACL Summary 383
- Indicates whether the ACL 387
- The Offline Process 390
- ■ ID: “LIST-20-IN” 391
- Enable ACL “Deny” Logging 395
- ACL Logging Operation 396
- General ACL Operating Notes 399
- DHCP Snooping 403
- Enabling DHCP Snooping 404
- The DHCP Binding Database 411
- Enabling Debug Logging 412
- Operational Notes 412
- Log Messages 413
- Dynamic ARP Protection 415
- Configuring Trusted Ports 417
- Examples 425
- Filter Types and Operation 431
- Source-Port Filters 432
- Named Source-Port Filters 434
- [ index ] 436
- Static Multicast Filters 443
- Protocol Filters 444
- * ), indicating that the 447
- Editing a Source-Port Filter 448
- Filter Indexing 450
- Configuring Port-Based and 453
- User Authentication Methods 456
- as defined in the 459
- 802.1X standard 459
- VLAN Membership Priority 462
- Access Control 466
- Authenticators 468
- Based Authentication 470
- Wake-on-LAN Traffic 476
- 802.1X Open VLAN Mode 478
- VLAN Membership Priorities 479
- Unauthorized-Client VLANs 485
- Configure Port-Security 494
- Port-Security 495
- Other Switches 496
- Supplicant Port Configuration 498
- Statistics, and Counters 500
- ■ Unauth-VLAN ID (if any) 501
- ■ Auth-VLAN ID (if any) 501
- ■ The switch reboots 507
- Affects VLAN Operation 508
- After the 802.1X session 511
- < port-number >: 513
- Port Security 518
- Eavesdrop Protection 519
- Blocking Unauthorized Traffic 519
- Trunk Group Exclusion 520
- Planning Port Security 521
- Port Security Display Options 522
- Configuring Port Security 526
- listing 529
- use this command syntax: 529
- Retention of Static Addresses 532
- MAC Lockdown 537
- MAC Lockdown Operating Notes 540
- Deploying MAC Lockdown 541
- MAC Lockout 545
- < = 1024 16 16 546
- 1025-2048 8 8 546
- Port Security and MAC Lockout 547
- Security Features 548
- Alert Flags 548
- Send-Disable 550
- Resetting Alert Flags 551
- Yes” for the port on which 552
- Using Authorized IP Managers 559
- Access Levels 561
- Stations 562
- Managers 563
- Building IP Masks 567
- IP Entry 568
- Key Management System 573
- Numerics 581
- 2 – Index 582
- See also port based 582
- Index – 3 583
- See sequence, ACEs 583
- 4 – Index 584
- Index – 5 585
- 6 – Index 586
- Index – 7 587
- 8 – Index 588
- Index – 9 589
- 10 – Index 590
- Index – 11 591
- 12 – Index 592
- Index – 13 593
- 14 – Index 594
- 5991-3828 596
Related products and manuals for Network switches ProCurve 6200yl
Network switches ProCurve 8200zl User Manual
(12 pages)
(12 pages)
Network switches ProCurve 5400zl User Manual
(33 pages)
(33 pages)
Network switches ProCurve 5400zl Specifications
(765 pages)
(765 pages)
Network switches ProCurve 2900 User's Guide
(104 pages)
(104 pages)
(12 pages)
Network switches ProCurve 6400cl User's Guide
(718 pages)
(718 pages)
Network switches ProCurve 3500yl User Manual
(15 pages)
(15 pages)
Network switches ProCurve 8212zl Manual
(667 pages)
(667 pages)
Network switches ProCurve 6200yl User Manual
(14 pages)
(14 pages)
Network switches ProCurve 3500yl User Manual
(16 pages)
(16 pages)
Network switches ProCurve 5300xl Specifications
(108 pages)
(108 pages)
Network switches ProCurve 5400zl Specifications
(110 pages)
(110 pages)
Network switches ProCurve 8200zl User's Guide
(360 pages)
(360 pages)
Network switches ProCurve 8200zl User's Guide
(195 pages)
(195 pages)
© 2020, manymanuals.com. All rights reserved. | 1.336 s |
Manymanuals.com
Manymanuals.de
Manymanuals.fr
Manymanuals.it
Manymanuals.pl
Manymanuals.cz
Manymanuals.es
Manymanuals-pt.com
Comments to this Manuals