Getting Started

Introduction

This Access Security Guide is intended for use with the HP ProCurve Switch Series 5300XL devices.

The Product Documentation CD-ROM shipped with the switch includes this guide. You can also download the latest version from the HP ProCurve website. (Refer to “Getting Documentation From the Web” on page 1-8.)

Overview of Access Security Features

■ Local Manager and Operator Passwords (page 2-1): Control access and privileges for the CLI, menu, and web browser interfaces.

■ Web and MAC Authentication (page 3-1): Provides user or device authentication through a RADIUS server without requiring the client to use 802.1x supplicant software.

■ TACACS+ Authentication (page 4-1): Uses an authentication application on a server to allow or deny access to a Series 5300XL switch.

■ RADIUS Authentication and Accounting (page 5-1): Uses RADIUS authentication on a central server to allow or deny access to the switch. RADIUS also provides accounting services for sending data about user activity and system events to a RADIUS server.

■ Secure Shell (SSH) Authentication (page 6-1): Provides encrypted paths for remote access to switch management functions.

■ Secure Socket Layer (SSL) (page 7-1): Provides remote web access to the switch via encrypted authentication paths between the switch and management station clients capable of SSL/TLS operation.

■ Port-Based Access Control (802.1x) (page 8-1): On point-to-point connections, enables the switch to allow or deny traffic between a port and an 802.1x-aware device (supplicant) attempting to access the switch. Also enables the switch to operate as a supplicant for connections to other 802.1x-aware switches.

■ Port Security (page 9-1): Enables a switch port to maintain a unique list of MAC addresses defining which specific devices are allowed to access the network through that port. Also enables a port to detect, prevent, and log access attempts by unauthorized devices.

■ MAC Lockdown (page 9-18): Permanently assigns a device MAC address to a specific port on the switch to restrict a client device to a specific port.