Enforcing Switch Security

Network Access Security

Switch Model

Source-Port

Protocol

Multicast

 

Filters

Filters

Filters

 

 

 

 

Series 6400cl

X

--

--

 

 

 

 

Series 5400zl

X

X

X

 

 

 

 

Series 5300xl

X

X

X

 

 

 

 

Series 4200vl

X

--

--

 

 

 

 

Series 3500yl

X

X

X

 

 

 

 

Series 3400cl

X

--

--

 

 

 

 

Series 2800

X

--

--

 

 

 

 

Series 2600

X

--

--

 

 

 

 

source-port filters: Inbound traffic from a designated, physical source-port will be forwarded or dropped on a per-port (destination) basis.

multicast filters: Inbound traffic having a specified multicast MAC address will be forwarded to outbound ports or dropped on a per-port (destination) basis.

protocol filters: Inbound traffic having the selected frame (protocol) type will be forwarded or dropped on a per-port (destination) basis.

Refer to the chapter titled “Traffic/Security Filters” in the Access Security Guide for your switch model.

802.1X Access Control

This feature provides port-based or client-based authentication through a RADIUS server to protect the switch from unauthorized access and to enable the use of RADIUS-based user profiles to control client access to network services. Included in the general features are the following:

client-based access control supporting up to 32 authenticated clients per-port

port-based access control allowing authentication by a single client to open the port

switch operation as a supplicant for point-to-point connections to other 802.1X-aware switches

The following table shows the type of access control available on the various ProCurve switch models:

17

Page 27
Image 27
HP 3400CL-24G manual 802.1X Access Control