HP 4100GL User Manual

Browse online or download the user manual for Software HP 4100GL. HP 4100GL User's Manual

Table of Contents

Page 1

access security guide www.hp.com/go/hpprocurve hp procurve series 4100gl switches

Page 2

How RADIUS/802.1x Authentication Affects VLAN Operation . . 6-43 Static VLAN Requirement . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

Page 3 - Switches

Configuring Secure Shell (SSH) Configuring the Switch for SSH Operation Refer to “5. Configuring the Switch for SSH Authentication” on page 4-18. SSH

Page 4

Configuring Secure Shell (SSH) Configuring the Switch for SSH Operation [port < 1-65535 | default >] The TCP port number for SSH connections (de

Page 5

Configuring Secure Shell (SSH) Configuring the Switch for SSH Operation SSH does not protect the switch from unauthorized access via the web interface

Page 6 - 2 TACACS+ Authentication

Configuring Secure Shell (SSH) Configuring the Switch for SSH Operation Configures a password method for the primary and secondary enable (Manager) ac

Page 7

Configuring Secure Shell (SSH) Configuring the Switch for SSH Operation Syntax: aaa authentication ssh enable < local | tacacs | radius > <

Page 8

Configuring Secure Shell (SSH) Configuring the Switch for SSH Operation Figure 4-14 shows how to check the results of the above commands. Lists the cu

Page 9

Configuring Secure Shell (SSH) Further Information on SSH Client Public-Key Authentication Further Information on SSH Client Public-Key Authentication

Page 10

Configuring Secure Shell (SSH) Further Information on SSH Client Public-Key Authentication 3. If there is not a match, and you have not configured th

Page 11

Configuring Secure Shell (SSH) Further Information on SSH Client Public-Key Authentication Notes Comments in public key files, such as smith@support.

Page 12

Configuring Secure Shell (SSH) Further Information on SSH Client Public-Key Authentication Note on Public The actual content of a public key entry in

Page 13 - Getting Started

Defining Authorized Management Stations . . . . . . . . . . . . . . . . . . . . . 8-4 Overview of IP Mask Operation . . . . . . . . . . . . . . . .

Page 14 - Introduction

Configuring Secure Shell (SSH) Further Information on SSH Client Public-Key Authentication Syntax: clear crypto public-key Deletes the client-public-

Page 15

Configuring Secure Shell (SSH) Messages Related to SSH Operation Messages Related to SSH Operation Message Meaning 00000K Peer unreachable. Indicate

Page 16 - Simulating Display Output

Configuring Secure Shell (SSH) Messages Related to SSH Operation Message Meaning Error: Requested keyfile does not exist. The client key does not exi

Page 17 - Related Publications

5 Configuring Secure Socket Layer (SSL) Contents Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

Page 18

Configuring Secure Socket Layer (SSL) Overview Overview Feature Default Menu CLI Web Generating a Self Signed Certificate on the switch No n/a

Page 19

Configuring Secure Socket Layer (SSL) Terminology HP Switch (SSL Server) SSL Client Browser 1. Switch-to-Client SSL Cert. 2. User-to-Switch (login pas

Page 20 - Sources for More Information

Configuring Secure Socket Layer (SSL) Prerequisite for Using SSL ■ CA-Signed Certificate: A certificate verified by a third party certificate autho

Page 21 - Need Only a Quick Start?

Configuring Secure Socket Layer (SSL) Steps for Configuring and Using SSL for Switch and Client Authentication 1. Install an SSL capable browser appl

Page 22

Configuring Secure Socket Layer (SSL) General Operating Rules and Notes General Operating Rules and Notes ■ Once you generate a certificate on the sw

Page 23

Configuring Secure Socket Layer (SSL) Configuring the Switch for SSL Operation Configuring the Switch for SSL Operation SSL-Related CLI Commands in Th

Page 25

Configuring Secure Socket Layer (SSL) Configuring the Switch for SSL Operation Using the web browser interface To Configure Local Passwords. You can

Page 26 - Menu: Setting Passwords

Configuring Secure Socket Layer (SSL) Configuring the Switch for SSL Operation 2. Generating the Switch’s Server Host Certificate You must generate a

Page 27

Configuring Secure Socket Layer (SSL) Configuring the Switch for SSL Operation To Generate or Erase the Switch’s Server Certificate with the CLI Becau

Page 28

Configuring Secure Socket Layer (SSL) Configuring the Switch for SSL Operation Comments on certificate fields. There are a number of arguments used in th

Page 29 - TACACS+ Authentication

Configuring Secure Socket Layer (SSL) Configuring the Switch for SSL Operation Notes "Zeroizing" the switch’s server host certificate or k

Page 30

Configuring Secure Socket Layer (SSL) Configuring the Switch for SSL Operation Generate a Self-Signed Host Certificate with the Web browser interface

Page 31 - Release G.05. xx

Configuring Secure Socket Layer (SSL) Configuring the Switch for SSL Operation For example, to generate a new host certificate via the web browsers in

Page 32 - Applications:

Configuring Secure Socket Layer (SSL) Configuring the Switch for SSL Operation Current SSL Host Certificate Figure 5-6. Web browser Interface showing

Page 33 - General System Requirements

Configuring Secure Socket Layer (SSL) Configuring the Switch for SSL Operation The installation of a CA-signed certificate involves interaction with o

Page 34

Configuring Secure Socket Layer (SSL) Configuring the Switch for SSL Operation Certificate Request Certificate Request Reply -----BEGIN CERTIFICATE---

Page 35 - Privilege Levels

Getting Started Contents Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xii Overvi

Page 36

Configuring Secure Socket Layer (SSL) Configuring the Switch for SSL Operation Note Before enabling SSL on the switch you must generate the switch’s

Page 37 - Before You Begin

Configuring Secure Socket Layer (SSL) Configuring the Switch for SSL Operation Using the CLI interface to enable SSL Syntax: [no] web-management ssl

Page 38 - Configuration

Configuring Secure Socket Layer (SSL) Configuring the Switch for SSL Operation Enable SSL and port number Selection Figure 5-8. Using the web browser

Page 39

Configuring Secure Socket Layer (SSL) Common Errors in SSL setup Common Errors in SSL setup Error During Possible Cause Generating host certificate o

Page 41 - Login Primary

6 Configuring Port-Based Access Control (802.1x) Contents Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

Page 42

Configuring Port-Based Access Control (802.1x) Overview OverviewFeature Default Menu CLI Web Configuring Switch Ports as 802.1x Authenticators D

Page 43

Configuring Port-Based Access Control (802.1x) Overview ■ Local authentication of 802.1x clients using the switch’s local username and password (as

Page 44 - Encryption Keys

Configuring Port-Based Access Control (802.1x) Overview Authenticating One Switch to Another. 802.1x authentication also enables the switch to operat

Page 45

Configuring Port-Based Access Control (802.1x) How 802.1x Operates How 802.1x Operates Authenticator Operation This operation provides security on a d

Page 46 - First-Choice TACACS+ Server

Getting Started Introduction Introduction This Access Security Guide is intended for use with the following switches: ■ HP Procurve Switch 4104GL ■

Page 47

Configuring Port-Based Access Control (802.1x) How 802.1x Operates Switch-Port Supplicant Operation This operation provides security on links between

Page 48 - How Authentication Operates

Configuring Port-Based Access Control (802.1x) Terminology • A "failure" response continues the block on port B5 and causes port A1 to wait

Page 49

Configuring Port-Based Access Control (802.1x) Terminology EAP (Extensible Authentication Protocol): EAP enables network access that supports multiple

Page 50 - Local Authentication Process

Configuring Port-Based Access Control (802.1x) General Operating Rules and Notes member of that VLAN as long as at least one other port on the switch

Page 51 - Using the Encryption Key

Configuring Port-Based Access Control (802.1x) General Operating Rules and Notes ■ If a client already has access to a switch port when you configure

Page 52 - Authentication

Configuring Port-Based Access Control (802.1x) General Setup Procedure for Port-Based Access Control (802.1x) General Setup Procedure for Port-Based A

Page 53 - Messages Related to TACACS+

Configuring Port-Based Access Control (802.1x) General Setup Procedure for Port-Based Access Control (802.1x) Overview: Configuring 802.1x Authenticat

Page 54

Configuring Port-Based Access Control (802.1x) General Setup Procedure for Port-Based Access Control (802.1x) 7. If you are using Port Security on th

Page 55

Configuring Port-Based Access Control (802.1x) Configuring Switch Ports as 802.1x Authenticators Configuring Switch Ports as 802.1x Authenticators 802

Page 56

Configuring Port-Based Access Control (802.1x) Configuring Switch Ports as 802.1x Authenticators 1. Enable 802.1x Authentication on Selected Ports Thi

Page 57

Getting Started Overview of Access Security Features Allows access to the switch by a networked device having an IP address previously configured in t

Page 58

Configuring Port-Based Access Control (802.1x) Configuring Switch Ports as 802.1x Authenticators aaa port-access authenticator < port-list > (Sy

Page 59 - Preparation:

Configuring Port-Based Access Control (802.1x) Configuring Switch Ports as 802.1x Authenticators aaa port-access authenticator < port-list > (Sy

Page 60

Configuring Port-Based Access Control (802.1x) Configuring Switch Ports as 802.1x Authenticators 3. Configure the 802.1x Authentication Method This ta

Page 61

Configuring Port-Based Access Control (802.1x) Configuring Switch Ports as 802.1x Authenticators 4. Enter the RADIUS Host IP Address(es) If you select

Page 62 - Want RADIUS To Protect

Configuring Port-Based Access Control (802.1x) 802.1x Open VLAN Mode 802.1x Open VLAN Mode802.1x Authentication Commands page 6-14 802.1x Supplicant

Page 63 - SSH authentication

Configuring Port-Based Access Control (802.1x) 802.1x Open VLAN Mode ■ 1st Priority: The port joins a VLAN to which it has been assigned by a RADIUS

Page 64

Configuring Port-Based Access Control (802.1x) 802.1x Open VLAN Mode Table 6-1. 802.1x Open VLAN Mode Options 802.1x Per-Port Configuration Port Res

Page 65

Configuring Port-Based Access Control (802.1x) 802.1x Open VLAN Mode 802.1x Per-Port Configuration Port Response Open VLAN Mode with Only an Unauthor

Page 66

Configuring Port-Based Access Control (802.1x) 802.1x Open VLAN Mode Operating Rules for Authorized-Client and Unauthorized-Client VLANs Condition Ru

Page 67

Configuring Port-Based Access Control (802.1x) 802.1x Open VLAN Mode Condition Rule Multiple Authenticator Ports Using You can use the same static V

Page 68

Getting Started Command Syntax Conventions Command Syntax Conventions This guide uses the following conventions for command syntax and displays. Synta

Page 69 - Access When Using RADIUS

Configuring Port-Based Access Control (802.1x) 802.1x Open VLAN Mode Setting Up and Configuring 802.1x Open VLAN Mode Preparation. This section assume

Page 70

Configuring Port-Based Access Control (802.1x) 802.1x Open VLAN Mode Note that as an alternative, you can configure the switch to use local password a

Page 71

Configuring Port-Based Access Control (802.1x) 802.1x Open VLAN Mode 3. If you selected either eap-radius or chap-radius for step 2, use the radius h

Page 72

Configuring Port-Based Access Control (802.1x) 802.1x Open VLAN Mode Configuring 802.1x Open VLAN Mode. Use these commands to actually configure Open

Page 73 - ■ IP address: 10.33.18.151

Configuring Port-Based Access Control (802.1x) 802.1x Open VLAN Mode Inspecting 802.1x Open VLAN Mode Operation. For information and an example on vi

Page 74

Configuring Port-Based Access Control (802.1x) Option For Authenticator Ports: Configure Port-Security To Allow Only 802.1x Devices ■ If an authentic

Page 75 - ■ Start-Stop:

Configuring Port-Based Access Control (802.1x) Option For Authenticator Ports: Configure Port-Security To Allow Only 802.1x Devices Note on If the p

Page 76

Configuring Port-Based Access Control (802.1x) Configuring Switch Ports To Operate As Supplicants for 802.1x Connections to Other Switches Configuring

Page 77 - Viewing RADIUS Statistics

Configuring Port-Based Access Control (802.1x) Configuring Switch Ports To Operate As Supplicants for 802.1x Connections to Other Switches 1. When po

Page 78

Configuring Port-Based Access Control (802.1x) Configuring Switch Ports To Operate As Supplicants for 802.1x Connections to Other Switches Configuring

Page 79

Getting Started Related Publications Screen Simulations Figures containing simulated screen text and command output look like this: Figure 1. Example

Page 80 - RADIUS Accounting Statistics

Configuring Port-Based Access Control (802.1x) Configuring Switch Ports To Operate As Supplicants for 802.1x Connections to Other Switches aaa port-ac

Page 81

Configuring Port-Based Access Control (802.1x) Displaying 802.1x Configuration, Statistics, and Counters Displaying 802.1x Configuration, Statistics,

Page 82

Configuring Port-Based Access Control (802.1x) Displaying 802.1x Configuration, Statistics, and Counters show port-access authenticator (Syntax Contin

Page 83

Configuring Port-Based Access Control (802.1x) Displaying 802.1x Configuration, Statistics, and Counters An Unauth VLAN ID appearing in the Current VL

Page 84

Configuring Port-Based Access Control (802.1x) Displaying 802.1x Configuration, Statistics, and Counters 25 as an authorized VLAN, then the port’s mem

Page 85

Configuring Port-Based Access Control (802.1x) Displaying 802.1x Configuration, Statistics, and Counters Syntax: show vlan < vlan-id > Displays

Page 86

Configuring Port-Based Access Control (802.1x) Displaying 802.1x Configuration, Statistics, and Counters Show Commands for Port-Access Supplicant Synt

Page 87

Configuring Port-Based Access Control (802.1x) How RADIUS/802.1x Authentication Affects VLAN Operation supplicant port to another without clearing the

Page 88 - Prerequisite for Using SSH

Configuring Port-Based Access Control (802.1x) How RADIUS/802.1x Authentication Affects VLAN Operation For example, suppose that a RADIUS-authenticate

Page 89 - Public Key Formats

Configuring Port-Based Access Control (802.1x) How RADIUS/802.1x Authentication Affects VLAN Operation This entry shows that port A2 is temporarily un

Page 90

Getting Started Related Publications HP provides a PDF version of this guide on the Product Documentation CD-ROM shipped with the switch. You can also

Page 91

Configuring Port-Based Access Control (802.1x) How RADIUS/802.1x Authentication Affects VLAN Operation When the 802.1x client’s session on port A2 end

Page 92

Configuring Port-Based Access Control (802.1x) Messages Related to 802.1x Operation Messages Related to 802.1x Operation Table 6-2. 802.1x Operating

Page 94

7 Configuring and Monitoring Port Security Contents Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

Page 95

Configuring and Monitoring Port Security Overview Overview Feature Default Menu CLI Web Displaying Current Port Security n/a — page 7-9 page 7

Page 96 - Key for the

Configuring and Monitoring Port Security Basic Operation General Operation for Port Security. On a per-port basis, you can configure security measures

Page 97 - Modulus <n>

Configuring and Monitoring Port Security Basic Operation Switch A Port Security Configured Switch B MAC Address Authorized by Switch A PC 1 MAC Addres

Page 98

Configuring and Monitoring Port Security Planning Port Security Planning Port Security 1. Plan your port security configuration and monitoring accord

Page 99 - Client Contact Behavior

Configuring and Monitoring Port Security Port Security Command Options and Operation Port Security Command Options and Operation Port Security Command

Page 100 - ■ Execute no ip ssh

Configuring and Monitoring Port Security Port Security Command Options and Operation Table 7-1. Port Security Parameters Parameter Description Port

Page 101

Getting Started Getting Documentation From the Web Getting Documentation From the Web 1. Go to the HP Procurve website at http://www.hp.com/go/hpproc

Page 102

Configuring and Monitoring Port Security Port Security Command Options and Operation Parameter Description Action action <none | send-alarm | sen

Page 103

Configuring and Monitoring Port Security Port Security Command Options and Operation Assigned/Authorized Addresses. : If you manually assign a MAC ad

Page 104

Configuring and Monitoring Port Security Port Security Command Options and Operation With port numbers included in the command, show port-security dis

Page 105

Configuring and Monitoring Port Security Port Security Command Options and Operation For information on the individual control parameters, see the Por

Page 106 - Public-Key Authentication

Configuring and Monitoring Port Security Port Security Command Options and Operation The Address Limit has not been reached. Although the Address Limi

Page 107 - Comment

Configuring and Monitoring Port Security Port Security Command Options and Operation If you are adding a device (MAC address) to a port on which the A

Page 108

Configuring and Monitoring Port Security Port Security Command Options and Operation Note You can reduce the address limit below the number of curren

Page 109 - Key Index

Configuring and Monitoring Port Security Web: Displaying and Configuring Port Security Features Web: Displaying and Configuring Port Security Features

Page 110

Configuring and Monitoring Port Security Reading Intrusion Alerts and Resetting Alert Flags – The show port-security intrusion-log command displays t

Page 111

Configuring and Monitoring Port Security Reading Intrusion Alerts and Resetting Alert Flags The log shows the most recent intrusion at the top of the

Page 113 - Contents

Getting Started Sources for More Information Sources for More Information ■ If you need information on specific parameters in the menu interface, ref

Page 114 - Overview

Configuring and Monitoring Port Security Reading Intrusion Alerts and Resetting Alert Flags The Intrusion Alert column shows “Yes” for any port on whi

Page 115 - Terminology

Configuring and Monitoring Port Security Reading Intrusion Alerts and Resetting Alert Flags (The intrusion log holds up to 20 intrusion records and de

Page 116 - Prerequisite for Using SSL

Configuring and Monitoring Port Security Reading Intrusion Alerts and Resetting Alert Flags Intrusion Alert on port A1. Figure 7-12. Example of an Una

Page 117

Configuring and Monitoring Port Security Reading Intrusion Alerts and Resetting Alert Flags Intrusion Alert on port A1 is now cleared. Figure 7-14. Ex

Page 118

Configuring and Monitoring Port Security Operating Notes for Port Security From the Menu Interface: In the Main Menu, click on 4. Event Log and use Ne

Page 119 - Operation

Configuring and Monitoring Port Security Operating Notes for Port Security Without both of the above configured, the switch detects only the proxy ser

Page 121

8 Using Authorized IP Managers Contents Using Authorized IP Managers Contents . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

Page 122

Using Authorized IP Managers Overview Overview Authorized IP Manager Features Feature Default Menu CLI Web Listing (Showing) Authorized Managers n

Page 123

Using Authorized IP Managers Options Options You can configure: ■ Up to 10 authorized manager addresses, where each address applies to either a singl

Page 124 - Show host certificate

Getting Started Need Only a Quick Start? Need Only a Quick Start? IP Addressing. If you just want to give the switch an IP address so that it can com

Page 125

Using Authorized IP Managers Defining Authorized Management Stations Defining Authorized Management Stations ■ Authorizing Single Stations: The table

Page 126

Using Authorized IP Managers Defining Authorized Management Stations rized Manager IP address to authorize four IP addresses for management station ac

Page 127 - Host Certificate

Using Authorized IP Managers Defining Authorized Management Stations 2. Enter an Authorized Manager IP address here. 5. Press [Enter], then [S] (fo

Page 128

Using Authorized IP Managers Defining Authorized Management Stations The above example shows an Authorized IP Manager List that allows stations to acc

Page 129 - Browser Contact Behavior

Using Authorized IP Managers Web: Configuring IP Authorized Managers The result of entering the preceding example is: • Authorized Station IP Addres

Page 130

Using Authorized IP Managers Building IP Masks For web-based help on how to use the web browser interface screen, click on the [?] button provided on

Page 131

Using Authorized IP Managers Building IP Masks Configuring Multiple Stations Per Authorized Manager IP Entry The mask determines whether the IP addres

Page 132 - Enable SSL

Using Authorized IP Managers Building IP Masks Figure 8-5. Analysis of IP Mask for Multiple-Station Entries 1st Octet 2nd Octet 3rd Octet 4th Octet Ma

Page 133 - Common Errors in SSL setup

Using Authorized IP Managers Operating Notes Additional Examples for Authorizing Multiple Stations Entries for Authorized Manager List Results IP Mask

Page 134

Using Authorized IP Managers Operating Notes • Even if you need proxy server access enabled in order to use other applications, you can still elimina

Page 137

Index Numerics 3DES … 4-3, 5-3 802.1x See port-based access control. …6-1 A aaa authentication … 2-9 access levels, authorized IP managers … 8-3 accou

Page 138

inconsistent value … 7-12 O open VLAN mode See port access control OpenSSH … 4-3, 5-2 operating notes authorized IP managers … 8-12 port security … 7-

Page 139 - How 802.1x Operates

supplicant, enabling … 6-34 switch username and password … 6-3 terminology…6-7 troubleshooting, gvrp … 6-43 used with port-security … 6-31 VLAN operat

Page 140

host key pair … 4-11 key, babble … 4-11 key, fingerprint … 4-11 keys, zeroizing … 4-11 key-size … 4-17 known-host file … 4-13, 4-15 man-in-the-middle

Page 141

overview … 1-xii precautions … 2-6 preparing to configure … 2-9 preventing switch lockout … 2-15 privilege level code … 2-7 server access … 2-15 serve

Page 144

Technical information in this documentis subject to change without notice.©Copyright Hewlett-Packard Company 2000, 2002.All right reserved.Reprodu

Page 145 - Access Control (802.1x)

1 Configuring Username and Password Security Contents Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

Page 146

Configuring Username and Password Security Overview Overview Feature Default Menu CLI Web Set Usernames no user names set — — page 1-6 Set a P

Page 147

Configuring Username and Password Security Overview If you do steps 1 and 2, above, then the next time a console session is started for either the men

Page 148 - Authenticators

Configuring Username and Password Security Configuring Local Password Security Configuring Local Password Security Menu: Setting Passwords As noted ea

Page 149

Configuring Username and Password Security Configuring Local Password Security If you have physical access to the switch, press and hold the Clear but

Page 150

Configuring Username and Password Security Configuring Local Password Security To Remove Password Protection. Removing password protection means to e

Page 151

2 TACACS+ Authentication Contents Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

Page 152

HP Procurve Series 4100GL Switches Access Security Guide Software Release G.07.XX or Greater

Page 153

TACACS+ Authentication Overview Overview Feature Default Menu CLI Web view the switch’s authentication configuration n/a — page 2-10 — view the

Page 154 - 802.1x Open VLAN Mode

TACACS+ Authentication Overview server and (2) local passwords configured on the switch. That is, with TACACS+ configured, the switch first tries to c

Page 155 - 802.1x Open VLAN Mode

TACACS+ Authentication Terminology Used in TACACS Applications: Terminology Used in TACACS Applications: ■ NAS (Network Access Server): This is an i

Page 156

TACACS+ Authentication General System Requirements • TACACS+ Authentication: This method enables you to use a TACACS+ server in your network to assi

Page 157

TACACS+ Authentication General Authentication Setup Procedure Notes The effectiveness of TACACS+ security depends on correctly using your TACACS+ ser

Page 158 - Unauthorized-Client VLANs

TACACS+ Authentication General Authentication Setup Procedure 2. Determine the following: • The IP address(es) of the TACACS+ server(s) you want the

Page 159

TACACS+ Authentication General Authentication Setup Procedure Caution You should ensure that the switch has a local Manager password. Otherwise, if

Page 160

TACACS+ Authentication Configuring TACACS+ on the Switch Configuring TACACS+ on the Switch Before You Begin If you are new to TACACS+ authentication,

Page 161

TACACS+ Authentication Configuring TACACS+ on the Switch Viewing the Switch’s Current Authentication Configuration This command lists the number of lo

Page 162

TACACS+ Authentication Configuring TACACS+ on the Switch Configuring the Switch’s Authentication Methods The aaa authentication command configures the

Page 163

© Copyright 2001-2002 Hewlett-Packard Company All Rights Reserved. This document contains information which is protected by copyright. Reproduction, a

Page 164

TACACS+ Authentication Configuring TACACS+ on the Switch Table 2-1. AAA Authentication Parameters Name Default Range Function console n/a n/a S

Page 165 - 802.1x Devices

TACACS+ Authentication Configuring TACACS+ on the Switch Table 2-2. Primary/Secondary Authentication Table Access Method and Privilege Level Authenti

Page 166 - 802.1x Device

TACACS+ Authentication Configuring TACACS+ on the Switch For example, here is a set of access options and the corresponding commands to configure the

Page 167 - Other Switches

TACACS+ Authentication Configuring TACACS+ on the Switch Configuring the Switch’s TACACS+ Server Access The tacacs-server command configures these par

Page 168

TACACS+ Authentication Configuring TACACS+ on the Switch Note on Encryption Keys Syntax: tacacs-server host < ip-addr > [key < key-string &

Page 169

TACACS+ Authentication Configuring TACACS+ on the Switch Name Default Range host <ip-addr> [key <key-string> none n/a Specifies the IP

Page 170

TACACS+ Authentication Configuring TACACS+ on the Switch Name Default Range Name Default Range key <key-string> none (null) n/a Specifies

Page 171 - Statistics, and Counters

TACACS+ Authentication Configuring TACACS+ on the Switch The "10" server is now the "first-choice" TACACS+ authentication device.

Page 172

TACACS+ Authentication How Authentication Operates To delete a per-server encryption key in the switch, re-enter the tacacs-server host command withou

Page 173

TACACS+ Authentication How Authentication Operates Using figure 2-6, above, after either switch detects an operator’s logon request from a remote or d

Page 174

Contents Getting Started Contents . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xi Int

Page 175

TACACS+ Authentication How Authentication Operates Local Authentication Process When the switch is configured to use TACACS+, it reverts to local auth

Page 176 - ■ The switch reboots

TACACS+ Authentication How Authentication Operates Using the Encryption Key General Operation When used, the encryption key (sometimes termed "ke

Page 177

TACACS+ Authentication Controlling Web Browser Interface Access When Using TACACS+ Authentication For example, you would use the next command to confi

Page 178

TACACS+ Authentication Messages Related to TACACS+ Operation Messages Related to TACACS+ Operation The switch generates the CLI messages listed below

Page 179

TACACS+ Authentication Operating Notes ■ When TACACS+ is not enabled on the switch—or when the switch’s only designated TACACS+ servers are not acces

Page 180 - After the 802.1x session

3 RADIUS Authentication and Accounting Contents Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

Page 181

RADIUS Authentication and Accounting Overview Overview Feature Default Menu CLI Web Configuring RADIUS Authentication None n/a 3-6 n/a Configu

Page 182

RADIUS Authentication and Accounting Terminology Terminology CHAP (Challenge-Handshake Authentication Protocol): A challenge-response authentication

Page 183

RADIUS Authentication and Accounting Switch Operating Rules for RADIUS Switch Operating Rules for RADIUS ■ You must have at least one RADIUS server a

Page 184 - Basic Operation

RADIUS Authentication and Accounting General RADIUS Setup Procedure General RADIUS Setup Procedure Preparation: 1. Configure one to three RADIUS serv

Page 185

2 TACACS+ Authentication Contents . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-1 Ov

Page 186 - • PC1 can access Switch A

RADIUS Authentication and Accounting Configuring the Switch for RADIUS Authentication Configuring the Switch for RADIUS Authentication RADIUS Authenti

Page 187 - Planning Port Security

RADIUS Authentication and Accounting Configuring the Switch for RADIUS Authentication Note This step assumes you have already configured the RADIUS s

Page 188

RADIUS Authentication and Accounting Configuring the Switch for RADIUS Authentication 1. Configure Authentication for the Access Methods You Want RADI

Page 189

RADIUS Authentication and Accounting Configuring the Switch for RADIUS Authentication For example, suppose you have already configured local passwords

Page 190

RADIUS Authentication and Accounting Configuring the Switch for RADIUS Authentication 2. Configure the Switch To Access a RADIUS Server This section d

Page 191

RADIUS Authentication and Accounting Configuring the Switch for RADIUS Authentication For example, suppose you have configured the switch as shown in

Page 192 - Configuring Port Security

RADIUS Authentication and Accounting Configuring the Switch for RADIUS Authentication 3. Configure the Switch’s Global RADIUS Parameters You can confi

Page 193

RADIUS Authentication and Accounting Configuring the Switch for RADIUS Authentication radius-server timeout < 1 .. 15 > Specifies the maximum ti

Page 194

RADIUS Authentication and Accounting Local Authentication Process After two attempts failing due to username or password entry errors, the switch will

Page 195

RADIUS Authentication and Accounting Controlling Web Browser Interface Access When Using RADIUS Authentication For local authentication, the switch us

Page 196

Outline of the Steps for Configuring RADIUS Authentication . . . . . . 3-6 1. Configure Authentication for the Access Methods You Want RADIUS To Pro

Page 197 - Alert Flags

RADIUS Authentication and Accounting Configuring RADIUS Accounting Configuring RADIUS Accounting RADIUS Accounting Commands Page [no] radius-server h

Page 198

RADIUS Authentication and Accounting Configuring RADIUS Accounting (For 802.1x information for the switch, refer to “Configuring Port-Based Access Con

Page 199 - Resetting Alert Flags

RADIUS Authentication and Accounting Configuring RADIUS Accounting ■ If access to a RADIUS server fails during a session, but after the client has be

Page 200

RADIUS Authentication and Accounting Configuring RADIUS Accounting 1. Configure the Switch To Access a RADIUS Server Before you configure the actual a

Page 201 - Yes” for the port on which

RADIUS Authentication and Accounting Configuring RADIUS Accounting Because the radius-server command includes an acct-port element with a non default

Page 202

RADIUS Authentication and Accounting Configuring RADIUS Accounting ■ Start-Stop: • Send a start record accounting notice at the beginning of the acc

Page 203

RADIUS Authentication and Accounting Configuring RADIUS Accounting 3. (Optional) Configure Session Blocking and Interim Updating Options These optiona

Page 204

RADIUS Authentication and Accounting Viewing RADIUS Statistics Viewing RADIUS Statistics General RADIUS Statistics Syntax: show radius [ host < ip

Page 205

RADIUS Authentication and Accounting Viewing RADIUS Statistics Term Definition Round Trip Time The time interval between the most recent Accounting-

Page 206

RADIUS Authentication and Accounting Viewing RADIUS Statistics RADIUS Authentication Statistics Syntax: show authentication Displays the primary and

Page 207

1. Assigning a Local Login (Operator) and Enable (Manager) Password . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-9 2. Generating t

Page 208

RADIUS Authentication and Accounting Viewing RADIUS Statistics RADIUS Accounting Statistics Syntax: show accounting Lists configured accounting inter

Page 209 - Access Levels

RADIUS Authentication and Accounting Changing RADIUS-Server Access Order Figure 3-16. Example Listing of Active RADIUS Accounting Sessions on the Swit

Page 210 - Stations

RADIUS Authentication and Accounting Changing RADIUS-Server Access Order To exchange the positions of the addresses so that the server at 10.10.10.003

Page 211 - Managers

RADIUS Authentication and Accounting Messages Related to RADIUS Operation Messages Related to RADIUS Operation Message Meaning Can’t reach RADIUS ser

Page 213

4 Configuring Secure Shell (SSH) Contents Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

Page 214

Configuring Secure Shell (SSH) Overview Overview Feature Default Menu CLI Web Generating a public/private key pair on the switch No n/a page 4-

Page 215 - Building IP Masks

Configuring Secure Shell (SSH) Terminology Note SSH in the HP Procurve Series 4100GL switches is based on the OpenSSH software toolkit. For more info

Page 216 - IP Entry

Configuring Secure Shell (SSH) Prerequisite for Using SSH ■ PEM (Privacy Enhanced Mode): Refers to an ASCII-formatted client public-key that has been

Page 217

Configuring Secure Shell (SSH) Public Key Formats Public Key Formats Any client application you use for client public-key authentication with the swit

Page 218 - Operating Notes

6 Configuring Port-Based Access Control (802.1x) Contents . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

Page 219 - Using Authorized IP Managers

Configuring Secure Shell (SSH) Steps for Configuring and Using SSH for Switch and Client Authentication Switch Access Level Primary SSH Authentication

Page 220

Configuring Secure Shell (SSH) Steps for Configuring and Using SSH for Switch and Client Authentication B. Switch Preparation 1. Assign a login (Oper

Page 221 - Index – 1

Configuring Secure Shell (SSH) General Operating Rules and Notes General Operating Rules and Notes ■ Public keys generated on an SSH client must be e

Page 222 - 2 – Index

Configuring Secure Shell (SSH) Configuring the Switch for SSH Operation Configuring the Switch for SSH Operation SSH-Related Commands in This Section

Page 223 - Index – 3

Configuring Secure Shell (SSH) Configuring the Switch for SSH Operation Syntax: password < manager | operator | all > Figure 4-6. Example of Co

Page 224 - 4 – Index

Configuring Secure Shell (SSH) Configuring the Switch for SSH Operation Notes When you generate a host key pair on the switch, the switch places the

Page 225 - Index – 5

Configuring Secure Shell (SSH) Configuring the Switch for SSH Operation For example, to generate and display a new key: Host Public Key for the Switch

Page 226 - 6 – Index

Configuring Secure Shell (SSH) Configuring the Switch for SSH Operation distribution to clients is to use a direct, serial connection between the swit

Page 227

Configuring Secure Shell (SSH) Configuring the Switch for SSH Operation 4. Add any data required by your SSH client application. For example Before s

Page 228 - 5990-3032

Configuring Secure Shell (SSH) Configuring the Switch for SSH Operation Hexadecimal "Fingerprints" of the Same Switch Phonetic "Hash&qu
