ProCurve 6200yl User's Guide Page 310
- Page / 596
- Table of contents
- BOOKMARKS
Rated. / 5. Based on customer reviews
10-24
Access Control Lists (ACLs)
Overview
General Steps for Planning and Configuring ACLs
1. Identify the ACL application to apply. As part of this step, determine the
best points at which to apply specific ACL controls. For example, you can
improve network performance by filtering unwanted IP traffic at the edge
of the network instead of in the core. Also, on the switch itself, you can
improve performance by filtering unwanted IP traffic where it is inbound
to the switch instead of outbound.
2. Identify the IP traffic types to filter:
• The SA and/or the DA of IP traffic you want to permit or deny. This
can be a single host, a group of hosts, a subnet, or all hosts.
• Any IP traffic of a specific protocol type (0-255)
• Any TCP traffic (only) for a specific TCP port or range of ports,
including optional control of connection traffic based on whether the
initial request should be allowed
• Any UDP traffic (only) or UDP traffic for a specific UDP port
• Any ICMP traffic (only) or ICMP traffic of a specific type and code
• Any IGMP traffic (only) or IGMP traffic of a specific type
• Any of the above with specific precedence and/or ToS settings
3. Design the ACLs for the control points (interfaces) you have selected.
Where you are using explicit “deny” ACEs, you can optionally use the ACL
logging feature for notification that the switch is denying unwanted
packets.
4. Configure the ACLs on the selected switches.
IP Traffic Source ACL Application
IP traffic from a specific, authenticated
client
dynamic port ACL (RADIUS-assigned ACL)
for inbound IP traffic from an authenticated
client on a port*
IP traffic entering the switch on a specific
port
static port ACL (static-port assigned) for
any inbound IP traffic on a port from any
source
switched or routed IP traffic entering the
switch on a specific VLAN
VACL (VLAN ACL)
routed IP traffic entering or leaving the
switch on a specific VLAN
RACL (routed ACL)
*For more on this option, refer to chapter 7, “Configuring RADIUS Server Support for
Switch Services”, and also to the documentation for your RADIUS server.)
- ProCurve Switches 1
- ProCurve 3
- Series 5400zl Switches 3
- Series 3500yl Switches 3
- 6200yl Switch 3
- Hewlett-Packard Company 4
- 3 Virus Throttling 7
- 4 Web and MAC Authentication 8
- 5 TACACS+ Authentication 8
- 13 Configuring Port-Based and 17
- 16 Key Management System 20
- Product Documentation 21
- Software Feature Index 22
- Intelligent Edge Software 23
- Features 23
- Security Overview 27
- Introduction 28
- Switch Access Security 29
- Note on SNMP 31
- Access to 31
- Secure File Transfers 32
- Authorized IP Managers 33
- Secure Management VLAN 33
- RADIUS Authentication 33
- Network Security Features 34
- Secure Shell (SSH) 35
- Traffic/Security Filters 36
- Advanced Threat Detection 38
- Identity-Driven Manager (IDM) 39
- Menu: Setting Passwords 45
- Front-Panel Security 48
- When Security Is Important 49
- Front-Panel Button Functions 50
- Reset Button 51
- Password Recovery 58
- [Y] (for “Yes”) 59
- [N] (for “No”) 59
- Password Recovery Process 60
- Virus Throttling 61
- Features and Benefits 64
- General Operation 65
- Application Options 66
- Operating Rules 67
- Sensitivity 71
- Configuring and Applying 79
- Connection-Rate ACLs 79
- Connection-Rate ACL Operation 80
- Source IP Address Criteria 81
- Criteria 83
- Applying Connection-Rate ACLs 86
- Client Options 95
- General Features 95
- Authenticator Operation 97
- MAC-based Authentication 99
- Web and MAC Authentication 100
- Terminology 101
- Operating Rules and Notes 102
- Authentication 104
- RADIUS Server 106
- Overview 109
- Configuration Overview 123
- Client Status 131
- TACACS+ Authentication 133
- Terminology Used in TACACS 135
- Applications: 135
- General System Requirements 137
- Note on 139
- Privilege Levels 139
- Before You Begin 140
- Configuration 141
- Server Contact Configuration 142
- Caution Regarding 145
- Login Primary 145
- Encryption Keys 148
- First-Choice TACACS+ Server 150
- How Authentication Operates 152
- Local Authentication Process 154
- Using the Encryption Key 155
- Access When Using TACACS+ 156
- Messages Related to TACACS+ 157
- Operation 157
- Operating Notes 157
- Contents 159
- Accounting Services 162
- Configuration MIB 162
- You Want RADIUS To Protect 168
- (hpSwitchAuth) is disabled 179
- Commands Authorization Type 182
- Configuring the RADIUS Server 184
- Configuring RADIUS Accounting 190
- Interim Updating Options 196
- Viewing RADIUS Statistics 198
- RADIUS Accounting Statistics 201
- as both the primary 205
- Configuring and Using 214
- The Packet-filtering Process 222
- ■ vendor and ACL identifiers: 224
- Configuration Notes 228
- ACEs in the list 229
- Event Log Messages 234
- After Authenticating 235
- Monitoring Shared Resources 235
- Prerequisite for Using SSH 241
- Public Key Formats 241
- Host Public 248
- Key for the 248
- Bit Size 249
- Exponent <e> 249
- Modulus <n> 249
- Client Contact Behavior 251
- ■ Execute no ip ssh 252
- Note on Port 253
- Public-Key Authentication 258
- Bit Size Exponent <e> 259
- Note on Public 261
- Key Index Number 262
- Prerequisite for Using SSL 269
- Password Button 272
- Security Tab 272
- Generate New Key 275
- Enter certificate Arguments 275
- Generate New Certificate 275
- Show host certificate command 276
- [SSL] button 278
- Web browser interface 279
- Browser Contact Behavior 281
- Common Errors in SSL setup 285
- Access Control Lists (ACLs) 287
- Static ACLS 291
- Dynamic Port ACLs 291
- RACL Applications 302
- VACL Applications 304
- Multiple ACLs on an Interface 306
- ACL Operation 312
- Planning an ACL Application 316
- Security 318
- Access Control Entry (ACE) 323
- IP Address Mask 324
- ACL Configuration Structure 328
- Standard ACL Structure 329
- ACL Configuration Factors 332
- General ACE Rules 335
- Configuring Standard ACLs 337
- 10-14 on page 10-55 345
- Configuring Extended ACLs 346
- [Shift] [?] key combination 355
- On an Interface 367
- Deleting an ACL 371
- Editing an Existing ACL 372
- Sequence Numbering in ACLs 373
- Attaching a Remark to an ACE 378
- Operating Notes for Remarks 381
- Display an ACL Summary 383
- Indicates whether the ACL 387
- The Offline Process 390
- ■ ID: “LIST-20-IN” 391
- Enable ACL “Deny” Logging 395
- ACL Logging Operation 396
- General ACL Operating Notes 399
- DHCP Snooping 403
- Enabling DHCP Snooping 404
- The DHCP Binding Database 411
- Enabling Debug Logging 412
- Operational Notes 412
- Log Messages 413
- Dynamic ARP Protection 415
- Configuring Trusted Ports 417
- Examples 425
- Filter Types and Operation 431
- Source-Port Filters 432
- Named Source-Port Filters 434
- [ index ] 436
- Static Multicast Filters 443
- Protocol Filters 444
- * ), indicating that the 447
- Editing a Source-Port Filter 448
- Filter Indexing 450
- Configuring Port-Based and 453
- User Authentication Methods 456
- as defined in the 459
- 802.1X standard 459
- VLAN Membership Priority 462
- Access Control 466
- Authenticators 468
- Based Authentication 470
- Wake-on-LAN Traffic 476
- 802.1X Open VLAN Mode 478
- VLAN Membership Priorities 479
- Unauthorized-Client VLANs 485
- Configure Port-Security 494
- Port-Security 495
- Other Switches 496
- Supplicant Port Configuration 498
- Statistics, and Counters 500
- ■ Unauth-VLAN ID (if any) 501
- ■ Auth-VLAN ID (if any) 501
- ■ The switch reboots 507
- Affects VLAN Operation 508
- After the 802.1X session 511
- < port-number >: 513
- Port Security 518
- Eavesdrop Protection 519
- Blocking Unauthorized Traffic 519
- Trunk Group Exclusion 520
- Planning Port Security 521
- Port Security Display Options 522
- Configuring Port Security 526
- listing 529
- use this command syntax: 529
- Retention of Static Addresses 532
- MAC Lockdown 537
- MAC Lockdown Operating Notes 540
- Deploying MAC Lockdown 541
- MAC Lockout 545
- < = 1024 16 16 546
- 1025-2048 8 8 546
- Port Security and MAC Lockout 547
- Security Features 548
- Alert Flags 548
- Send-Disable 550
- Resetting Alert Flags 551
- Yes” for the port on which 552
- Using Authorized IP Managers 559
- Access Levels 561
- Stations 562
- Managers 563
- Building IP Masks 567
- IP Entry 568
- Key Management System 573
- Numerics 581
- 2 – Index 582
- See also port based 582
- Index – 3 583
- See sequence, ACEs 583
- 4 – Index 584
- Index – 5 585
- 6 – Index 586
- Index – 7 587
- 8 – Index 588
- Index – 9 589
- 10 – Index 590
- Index – 11 591
- 12 – Index 592
- Index – 13 593
- 14 – Index 594
- 5991-3828 596
Related products and manuals for Network switches ProCurve 6200yl
Network switches ProCurve 8200zl User Manual
(12 pages)
(12 pages)
Network switches ProCurve 5400zl User Manual
(33 pages)
(33 pages)
Network switches ProCurve 5400zl Specifications
(765 pages)
(765 pages)
Network switches ProCurve 2900 User's Guide
(104 pages)
(104 pages)
(12 pages)
Network switches ProCurve 6400cl User's Guide
(718 pages)
(718 pages)
Network switches ProCurve 3500yl User Manual
(15 pages)
(15 pages)
Network switches ProCurve 8212zl Manual
(667 pages)
(667 pages)
Network switches ProCurve 6200yl User Manual
(14 pages)
(14 pages)
Network switches ProCurve 3500yl User Manual
(16 pages)
(16 pages)
Network switches ProCurve 5300xl Specifications
(108 pages)
(108 pages)
Network switches ProCurve 5400zl Specifications
(110 pages)
(110 pages)
Network switches ProCurve 8200zl User's Guide
(360 pages)
(360 pages)
Network switches ProCurve 8200zl User's Guide
(195 pages)
(195 pages)
© 2020, manymanuals.com. All rights reserved. | 0.086 s |
Manymanuals.com
Manymanuals.de
Manymanuals.fr
Manymanuals.it
Manymanuals.pl
Manymanuals.cz
Manymanuals.es
Manymanuals-pt.com
Comments to this Manuals