Product guide

Security Overview
Network Security Features
For more information, refer to Chapter 13 “Configuring Port-Based and
User-Based Access Control (802.1X)”.
Web and MAC Authentication
These options are designed for use at the edge of a network, where they
provide port-based security that protects private networks and the switch
itself from unauthorized access. Because neither method requires clients to
run any special supplicant software, both are suitable for legacy systems and
temporary access situations where introducing supplicant software is not an
attractive option. Both methods rely on a RADIUS server for authentication.
This simplifies access security management by allowing you to control
access from a master database in a single server. It also means the same
credentials can be used for authentication, regardless of which switch or
switch port is the current access point into the LAN. Web authentication uses
a web page login to authenticate users for access to the network. MAC
authentication grants access to a secure network by authenticating the MAC
addresses of devices. For more information, refer to
Chapter 4, “Web and MAC Authentication”.
Secure Shell (SSH)
SSH provides Telnet-like functions through encrypted, authenticated
transactions of the following types:
- client public-key authentication: uses one or more public keys (from
  clients) that must be stored on the switch. Only a client with a private key
  that matches a stored public key can gain access to the switch.
- switch SSH and user password authentication: this option is a subset
  of the client public-key authentication, and is used if the switch has SSH
  enabled without a login access configured to authenticate the client’s key.
  In this case, the switch authenticates itself to clients, and users on SSH
  clients then authenticate themselves to the switch by providing
  passwords stored on a RADIUS or TACACS+ server, or locally on the switch.
- secure copy (SC) and secure FTP (SFTP): By opening a secure,
  encrypted SSH session, you can take advantage of SC and SFTP to provide
  a secure alternative to TFTP for transferring sensitive switch information.
For more information on SSH, refer to Chapter 8, “Configuring Secure Shell
(SSH)”. For more on SC and SFTP, refer to the section titled “Using Secure
Copy and SFTP” in the “File Transfers” appendix of the Management and
Configuration Guide for your switch.