User's Manual

Table of Contents

Access Security Guide for the ProCurve Series 2510 Switches

Title Page
Copyright and Disclaimer Notices
Contents
Product Documentation
Feature Index

1. Getting Started
    Contents
    Introduction
    Overview of Access Security Features
    Management Access Security Protection
    General Switch Traffic Security Guidelines
    Conventions
    Command Syntax Statements
    Command Prompts
    Screen Simulations
    Port Identity Examples
    Sources for More Information
    Need Only a Quick Start?
    IP Addressing
    To Set Up and Install the Switch in Your Network

2. Configuring Username and Password Security
    Contents
    Overview
    Configuring Local Password Security
    Menu: Setting Passwords
    CLI: Setting Passwords and Usernames
    Web: Setting Passwords and Usernames
    Front-Panel Security
    When Security Is Important
    Front-Panel Button Functions
    Configuring Front-Panel Security
    Password Recovery
    Password Recovery Process

3. Web and MAC Authentication
    Contents
    Overview
    Client Options
    General Features
    How Web and MAC Authentication Operate
    Authenticator Operation
    Terminology
    Operating Rules and Notes
    General Setup Procedure for Web/MAC Authentication
    Do These Steps Before You Configure Web/MAC Authentication
    Additional Information for Configuring the RADIUS Server To Support MAC Authentication
    Configuring the Switch To Access a RADIUS Server
    Configuring Web Authentication
    Overview
    Configure the Switch for Web-Based Authentication
    Configuring MAC Authentication on the Switch
    Overview
    Configure the Switch for MAC-Based Authentication
    Show Status and Configuration of Web-Based Authentication
    Show Status and Configuration of MAC-Based Authentication
    Show Client Status

4. TACACS+ Authentication
    Contents
    Overview
    Terminology Used in TACACS Applications:
    General System Requirements
    General Authentication Setup Procedure
    Configuring TACACS+ on the Switch
    Before You Begin
    CLI Commands Described in this Section
    Viewing the Switch’s Current Authentication Configuration
    Viewing the Switch’s Current TACACS+ Server Contact Configuration
    Configuring the Switch’s Authentication Methods
    Configuring the Switch’s TACACS+ Server Access
    How Authentication Operates
    General Authentication Process Using a TACACS+ Server
    Local Authentication Process
    Using the Encryption Key
    Controlling Web Browser Interface Access When Using TACACS+ Authentication
    Messages Related to TACACS+ Operation
    Operating Notes

5. RADIUS Authentication and Accounting
    Contents
    Overview
    Terminology
    Switch Operating Rules for RADIUS
    General RADIUS Setup Procedure
    Configuring the Switch for RADIUS Authentication
    Outline of the Steps for Configuring RADIUS Authentication
    1. Configure Authentication for the Access Methods You Want RADIUS To Protect
    2. Configure the Switch To Access a RADIUS Server
    3. Configure the Switch’s Global RADIUS Parameters
    Local Authentication Process
    Controlling Web Browser Interface Access When Using RADIUS Authentication
    Configuring RADIUS Accounting
    Operating Rules for RADIUS Accounting
    Steps for Configuring RADIUS Accounting
    Viewing RADIUS Statistics
    General RADIUS Statistics
    RADIUS Authentication Statistics
    RADIUS Accounting Statistics
    Changing RADIUS-Server Access Order
    Messages Related to RADIUS Operation

6. Configuring Secure Shell (SSH)
    Contents
    Overview
    Terminology
    Prerequisite for Using SSH
    Public Key Formats
    Steps for Configuring and Using SSH for Switch and Client Authentication
    General Operating Rules and Notes
    Configuring the Switch for SSH Operation
    1. Assign Local Login (Operator) and Enable (Manager) Password
    2. Generate the Switch’s Public and Private Key Pair
    3. Provide the Switch’s Public Key to Clients
    4. Enable SSH on the Switch and Anticipate SSH Client Contact Behavior
    5. Configure the Switch for SSH Authentication
    6. Use an SSH Client To Access the Switch
    Further Information on SSH Client Public-Key Authentication
    Messages Related to SSH Operation

7. Configuring Secure Socket Layer (SSL)
    Contents
    Overview
    Terminology
    Prerequisite for Using SSL
    Steps for Configuring and Using SSL for Switch and Client Authentication
    General Operating Rules and Notes
    1. Assign Local Login (Operator) and Enable (Manager) Password
    2. Generate the Switch’s Server Host Certificate
    3. Enable SSL on the Switch and Anticipate SSL Browser Contact Behavior
    Common Errors in SSL Setup

8. Configuring Port-Based and Client-Based Access Control (802.1X)
    Contents
    Overview
    Why Use Port-Based or Client-Based Access Control?
    General Features
    User Authentication Methods
    Terminology
    General 802.1X Authenticator Operation
    Example of the Authentication Process
    Switch-Port Supplicant Operation
    General Operating Rules and Notes
    General Setup Procedure for 802.1X Access Control
    Do These Steps Before You Configure 802.1X Operation
    Overview: Configuring 802.1X Authentication on the Switch
    Configuring Switch Ports as 802.1X Authenticators
    1. Enable 802.1X Authentication on Selected Ports
    2. Reconfigure Settings for Port-Access
    3. Configure the 802.1X Authentication Method
    4. Enter the RADIUS Host IP Address(es)
    5. Enable 802.1X Authentication on the Switch
    6. Optionally Resetting Authenticator Operation
    802.1X Open VLAN Mode
    Introduction
    VLAN Membership Priorities
    Use Models for 802.1X Open VLAN Modes
    Operating Rules for Authorized-Client and Unauthorized-Client VLANs
    Setting Up and Configuring 802.1X Open VLAN Mode
    802.1X Open VLAN Operating Notes
    Option For Authenticator Ports: Configure Port-Security To Allow Only 802.1X Devices
    Configuring Switch Ports To Operate As Supplicants for 802.1X Connections to Other Switches
    Displaying 802.1X Configuration, Statistics, and Counters
    Show Commands for Port-Access Authenticator
    Viewing 802.1X Open VLAN Mode Status
    Show Commands for Port-Access Supplicant
    How RADIUS/802.1X Authentication Affects VLAN Operation
    Messages Related to 802.1X Operation

9. Configuring and Monitoring Port Security
    Contents
    Overview
    Basic Operation
    Blocking Unauthorized Traffic
    Trunk Group Exclusion
    Planning Port Security
    Port Security Command Options and Operation
    Retention of Static MAC Addresses
    Displaying Current Port Security Settings
    Configuring Port Security
    Web: Displaying and Configuring Port Security Features
    Reading Intrusion Alerts and Resetting Alert Flags
    Notice of Security Violations
    How the Intrusion Log Operates
    Keeping the Intrusion Log Current by Resetting Alert Flags
    Using the Event Log To Find Intrusion Alerts
    Web: Checking for Intrusions, Listing Intrusion Alerts, and Resetting Alert Flags
    Operating Notes for Port Security
    Configuring Protected Ports

10. Using Authorized IP Managers
    Contents
    Overview
    Configuration Options
    Access Levels
    Defining Authorized Management Stations
    Overview of IP Mask Operation
    Menu: Viewing and Configuring IP Authorized Managers
    CLI: Viewing and Configuring Authorized IP Managers
    Web: Configuring IP Authorized Managers
    Building IP Masks
    Configuring One Station Per Authorized Manager IP Entry
    Configuring Multiple Stations Per Authorized Manager IP Entry
    Additional Examples for Authorizing Multiple Stations
    Operating Notes

Index
    Numerics, A, C, D, E, G, I, K, L, M, O, P, Q, R, S, T, U, V, W

Back Cover

Size: 1.9MB
Pages: 294
Language: English