Product guide

Security Overview
Network Security Features
Secure Socket Layer (SSLv3/TLSv1)
This feature uses Transport Layer Security (TLSv1) to provide remote web
access to the switch through authenticated transactions and encrypted paths
between the switch and management station clients capable of SSL/TLS
operation. Authentication combines server certificate authentication with
user password authentication. For more information, refer to Chapter 9,
“Configuring Secure Socket Layer (SSL)”.
Traffic/Security Filters
These statically configured filters enhance in-band security (and improve
control over access to network resources) by forwarding or dropping inbound
network traffic according to the configured criteria. Filter options include:
source-port filters: Inbound traffic from a designated, physical
source-port will be forwarded or dropped on a per-port (destination) basis.
multicast filters: Inbound traffic having a specified multicast MAC
address will be forwarded to outbound ports or dropped on a per-port
(destination) basis.
protocol filters: Inbound traffic having the selected frame (protocol)
type will be forwarded or dropped on a per-port (destination) basis.
For details, refer to Chapter 12, “Traffic/Security Filters and Monitors”.
Port Security, MAC Lockdown, and MAC Lockout
The features listed below provide device-based access security in the
following ways:
Port security: Enables configuration of each switch port with a unique
list of the MAC addresses of devices that are authorized to access the
network through that port. This enables individual ports to detect,
prevent, and log attempts by unauthorized devices to communicate through
the switch. Some switch models also include eavesdrop prevention in the
port security feature.
MAC lockdown: This “static addressing” feature is used as an alternative
to port security to prevent station movement and MAC address “hijacking”
by allowing a given MAC address to use only one assigned port on the
switch. MAC lockdown also restricts the client device to a specific VLAN.
MAC lockout: This feature enables blocking of a specific MAC address
so that the switch drops all traffic to or from the specified address.
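The following added example (not from this guide and not the switch's own logic) models how the three MAC-based controls described above differ when applied to inbound frames. The class and field names, the order in which the checks run, and all addresses, ports, and VLAN IDs are assumptions constructed for illustration.

```python
from dataclasses import dataclass, field

@dataclass
class Frame:
    port: int
    vlan: int
    src: str
    dst: str

@dataclass
class MacPolicy:
    lockout: set = field(default_factory=set)          # MACs blocked on every port
    lockdown: dict = field(default_factory=dict)       # MAC -> (port, vlan) it is pinned to
    port_security: dict = field(default_factory=dict)  # port -> set of authorized MACs
    log: list = field(default_factory=list)            # (reason, port, src) per dropped frame

    def check(self, f):
        # Returns 'forward' or 'drop:<reason>'; check order is an assumption.
        # MAC lockout: drop all traffic to or from the address.
        if f.src in self.lockout or f.dst in self.lockout:
            return self._drop(f, "lockout")
        # MAC lockdown: the address may use only its assigned port and VLAN.
        pinned = self.lockdown.get(f.src)
        if pinned is not None and pinned != (f.port, f.vlan):
            return self._drop(f, "lockdown")
        # Port security: only MACs on the port's authorized list may send.
        allowed = self.port_security.get(f.port)
        if allowed is not None and f.src not in allowed:
            return self._drop(f, "port-security")
        return "forward"

    def _drop(self, f, reason):
        self.log.append((reason, f.port, f.src))
        return "drop:" + reason

def demo():
    # Constructed sample data; MACs are from the RFC 7042 documentation range.
    a, b, c, bad = ("00:00:5e:00:53:0%d" % i for i in (1, 2, 3, 9))
    policy = MacPolicy(lockout={bad}, lockdown={a: (1, 10)}, port_security={2: {b}})
    frames = [
        Frame(1, 10, a, b),    # pinned MAC on its assigned port and VLAN
        Frame(3, 10, a, b),    # same MAC seen on another port (station movement)
        Frame(1, 20, a, b),    # right port, wrong VLAN
        Frame(2, 10, b, a),    # authorized MAC on a secured port
        Frame(2, 10, c, a),    # unauthorized MAC on the secured port
        Frame(3, 10, c, bad),  # traffic addressed to a locked-out MAC
    ]
    return [policy.check(f) for f in frames], policy.log

if __name__ == "__main__":
    print(demo())
```

In this model the lockdown entry and the port security list sit on different ports, matching the guide's description of MAC lockdown as an alternative to port security.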