HP PROCURVE W.14.03 Manual de usuario Pagina 391
- Pagina / 594
- Tabla de contenidos
- MARCADORES
Valorado. / 5. Basado en revisión del cliente
Configuring Advanced Threat Protection
DHCP Snooping
• Attempts to exhaust system resources so that sufficient resources are
not available to transmit legitimate traffic, indicated by an unusually
high use of specific system resources
• Attempts to attack the switch’s CPU and introduce delay in system
response time to new network events
• Attempts by hackers to access the switch, indicated by an excessive
number of failed logins or port authentication failures
• Attempts to deny switch service by filling the forwarding table, indi-
cated by an increased number of learned MAC addresses or a high
number of MAC address moves from one port to another
• Attempts to exhaust available CPU resources, indicated by an
increased number of learned MAC address events being discarded
DHCP Snooping
Command Page
dhcp-snooping page 10-4
authorized-server page 10-8
database page 10-11
option page 10-8
trust page 10-7
verify page 10-10
vlan page 10-6
show dhcp-snooping page 10-5
show dhcp-snooping stats page 10-5
dhcp-snooping binding page 10-12
debug dhcp-snooping page 10-12
Overview
You can use DHCP snooping to help avoid the Denial of Service attacks that
result from unauthorized users adding a DHCP server to the network that then
provides invalid configuration data to other DHCP clients on the network.
10-3
- ProCurve Switches 1
- HP ProCurve 2910al Switch 3
- Hewlett-Packard Company 4
- 4 TACACS+ Authentication 8
- Configuring Port-Based and 16
- 15 Key Management System 20
- Product Documentation 21
- Software Feature Index 22
- Intelligent Edge Software 23
- Features 23
- Security Overview 27
- Introduction 28
- Access Security Features 29
- Network Security Features 33
- Physical Security 36
- Enter] 38
- SNMP Security Guidelines 42
- Network Immunity Manager 45
- Menu: Setting Passwords 54
- Security tab 57
- [Device Passwords] 57
- [Apply Changes] 57
- Config File 58
- Credentials 59
- ■ TACACS+ encryption keys 60
- SNMP Security Credentials 62
- Restrictions 69
- Front-Panel Security 71
- Front-Panel Button Functions 72
- Reset Button 73
- Password Recovery 80
- [Y] (for “Yes”) 81
- Password Recovery Process 82
- MAC Authentication 87
- Operate 89
- Web-based Authentication 90
- MAC-based Authentication 92
- Operating Rules and Notes 95
- Setup Procedure for Web/MAC 97
- RADIUS Server 100
- Web and MAC Authentication 101
- Overview 102
- Client Status 126
- TACACS+ Authentication 127
- Terminology Used in TACACS 129
- Applications: 129
- General System Requirements 131
- Before You Begin 134
- Configuration 135
- Server Contact Configuration 136
- Authentication Parameters 139
- Caution Regarding 142
- Login Primary 142
- [key < key-string >] 144
- First-Choice TACACS+ Server 147
- How Authentication Operates 150
- Local Authentication Process 151
- Using the Encryption Key 152
- Access When Using TACACS+ 153
- Authentication 153
- Messages Related to TACACS+ 154
- Operation 154
- Operating Notes 155
- Contents 157
- Accounting Services 160
- Configuration MIB 160
- Terminology 161
- You Want RADIUS To Protect 166
- Security Notes 177
- (hpSwitchAuth) is disabled 179
- Commands Authorization 182
- Enabling Authorization 183
- Additional RADIUS Attributes 190
- ■ IP address: 10.33.18.151 195
- ■ Stop-Only: 197
- Viewing RADIUS Statistics 199
- Note: The Webui 201
- RADIUS Accounting Statistics 202
- Limiting 210
- Configuring and Using 215
- Static ACLs 219
- ACL to a Switch Port 220
- The Packet-filtering Process 222
- Nas-Filter-Rule-Options 224
- FreeRADIUS Application 227
- RADIUS-Assigned ACL 229
- Configuration Notes 230
- Event Log Messages 235
- After Authenticating 236
- Monitoring Shared Resources 236
- Prerequisite for Using SSH 240
- Public Key Formats 240
- Host Public 247
- Key for the 247
- Configuring Key Lengths 248
- Bit Size 249
- Exponent <e> 249
- Modulus <n> 249
- Client Contact Behavior 251
- ■ Execute no ip ssh 252
- Enable SSH 254
- Public-Key Authentication 259
- Bit Size Exponent <e> 261
- Comment 261
- Key Index Number 263
- Logging Messages 266
- Debug Logging 266
- Prerequisite for Using SSL 271
- Security Tab 274
- Password Button 274
- Generate New Key 277
- Enter certificate Arguments 277
- Generate New Certificate 277
- [SSL] button 280
- Web browser interface 281
- Browser Contact Behavior 283
- Enable SLL 286
- Common Errors in SSL setup 287
- ACLs on the Switch 294
- Routing 307
- IPv4 Static ACL Operation 308
- Planning an ACL Application 312
- Security 313
- Matches 316
- Access Control Entry (ACE) 317
- ACL Configuration Structure 323
- Standard ACL Structure 324
- ■ A permit/deny statement 325
- ACL Configuration Factors 327
- General ACE Rules 330
- Configuring Standard ACLs 332
- 9-11 on page 9-48 340
- Configuring Extended ACLs 341
- [Shift] [?] key combination 350
- On an Interface 361
- Deleting an ACL 362
- Editing an Existing ACL 363
- Sequence Numbering in ACLs 364
- Attaching a Remark to an ACE 369
- Operating Notes for Remarks 372
- Display an ACL Summary 374
- Indicates whether the ACL 377
- The Offline Process 382
- Enable ACL “Deny” Logging 384
- ACL Logging Operation 385
- General ACL Operating Notes 387
- DHCP Snooping 391
- Enabling DHCP Snooping 392
- The DHCP Binding Database 399
- Enabling Debug Logging 400
- Operational Notes 400
- Log Messages 401
- Dynamic ARP Protection 403
- Configuring Trusted Ports 405
- Packets 408
- Examples 414
- Filter Types and Operation 419
- Source-Port Filters 420
- Example 421
- Named Source-Port Filters 422
- [ index ] 425
- Static Multicast Filters 431
- Protocol Filters 432
- * ), indicating that the 435
- Editing a Source-Port Filter 436
- Filter Indexing 438
- User Authentication Methods 444
- as defined in the 447
- 802.1X standard 447
- VLAN Membership Priority 450
- Access Control 455
- Authenticators 459
- Port-Based Authentication 461
- Wake-on-LAN Traffic 469
- 802.1X Open VLAN Mode 471
- VLAN Membership Priorities 472
- Unauthorized-Client VLANs 478
- Configure Port-Security 487
- Devices 487
- Port-Security 488
- Other Switches 489
- Statistics, and Counters 493
- ■ The switch reboots 506
- VLAN Assignment on a Port 508
- Based Authentication Session 510
- After the 802.1X session 513
- Port Security 520
- Eavesdrop Protection 521
- Trunk Group Exclusion 522
- Planning Port Security 523
- Configuring Port Security 528
- MAC Lockdown 538
- MAC Lockdown Operating Notes 541
- Deploying MAC Lockdown 542
- MAC Lockout 546
- < = 1024 16 16 547
- 1025-2048 8 8 547
- Security Features 549
- Alert Flags 549
- Note on 551
- Send-Disable 551
- Resetting Alert Flags 552
- Yes” for the port on which 553
- Using Authorized IP Managers 559
- Options 561
- Access Levels 561
- Stations 561
- Managers 563
- Web-Based Help 567
- Building IP Masks 568
- Key Management System 573
- Numerics 581
- 2 – Index 582
- Index – 3 583
- 4 – Index 584
- Index – 5 585
- 6 – Index 586
- Index – 7 587
- 8 – Index 588
- Index – 9 589
- 10 – Index 590
- Index – 11 591
- 12 – Index 592
- Development Company, L.P 594
- February 2009 594
- Manual Part Number 594
- 5992-5439 594
Relacionado con productos y manuales para Software HP PROCURVE W.14.03
Software HP T8671-91017 Manual de usuario
(54 paginas)
(54 paginas)
Software HP MT40 Guía de usuario
(74 paginas)
(74 paginas)
Software HP 4100GL Manual de usuario
(228 paginas)
(228 paginas)
Software HP rx3000 Series Manual de usuario
(301 paginas)
(301 paginas)
Software HP 39g+ Graphing Calculator Guía de usuario
(294 paginas)
(294 paginas)
Software HP 39g Graphing Calculator Guía de usuario
(288 paginas)
(288 paginas)
Software HP Vectra VE5 2 Guía de usuario
(102 paginas)
(102 paginas)
Software HP Photo Pro Guía de usuario
(16 paginas)
(16 paginas)
Software HP 5300 Información técnica
(442 paginas)
(442 paginas)
Software HP Web Jetadmin Software Manual de usuario
(31 paginas)
(31 paginas)
Software HP Web Jetadmin Software Manual de usuario
(14 paginas)
(14 paginas)
© 2020, manymanuals.es. Todos los derechos reservados | 0.060 s |
Manymanuals.com
Manymanuals.de
Manymanuals.fr
Manymanuals.it
Manymanuals.pl
Manymanuals.cz
Manymanuals.es
Manymanuals-pt.com
Comentarios a estos manuales