Enforcing Switch Security
Network Access Security
Access Control Types | 6200yl 5400zl 3500yl | 5300xl | 3400cl | 2800 | 4100gl |
| 4200vl | 6400cl | 2600 |
X | X* | ||||
(up to 32 authenticated clients per port)
X | X | X | X | X | |
(one authenticated client opens the port)
switch operation as a supplicant | X | X | X | X | X |
* On the 5300xl switches, this feature is available with software release E.09.02 and greater.
Refer to the chapter titled “Configuring
These features provide
■ port security: Enables configuration of each switch port with a unique list of the MAC addresses of devices that are authorized to access the network through that port. This enables individual ports to detect, prevent, and log attempts by unauthorized devices to communicate through the switch. Some switch models also include eavesdrop prevention in the port security feature.
■ MAC lockdown: This “static addressing” feature is used as an alternative to port security to prevent station movement and MAC address “hijacking” by allowing a given MAC address to use only one assigned port on the switch. MAC lockdown also restricts the client device to a specific VLAN.
■ MAC lockout: This feature enables blocking of a specific MAC address so that the switch drops all traffic to or from the specified address.
■ IP lockdown: Available on Series 2600 and 2800 switches only, this feature enables restriction of incoming traffic on a port to a specific IP address/subnet, and denies all other traffic on that port.
Refer to the chapter titled “Configuring and Monitoring Port Security” in the Access Security Guide for your switch model.
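The following Python model is an added illustration, not ProCurve code or configuration from the guide: it applies the port security, MAC lockdown and MAC lockout rules described above to constructed frames so the difference in what each one blocks is visible. The class and method names, the MAC addresses, the port names and the order in which the rules are checked are assumptions.

```python
from dataclasses import dataclass, field

@dataclass
class SwitchModel:  # hypothetical model, not switch firmware logic
    port_security: dict = field(default_factory=dict)  # port -> set of authorized source MACs
    mac_lockdown: dict = field(default_factory=dict)   # MAC -> (only permitted port, VLAN)
    mac_lockout: set = field(default_factory=set)      # MACs blocked on every port
    log: list = field(default_factory=list)            # (port, source MAC, feature that dropped it)

    def admit(self, port, vlan, src, dst):
        """Return the decision for one frame: 'forward' or the feature that drops it."""
        src, dst = src.lower(), dst.lower()
        # MAC lockout: drop all traffic to or from a listed address.
        if src in self.mac_lockout or dst in self.mac_lockout:
            return self._drop(port, src, "mac-lockout")
        # MAC lockdown: a listed address may appear only on its assigned port and VLAN.
        bound = self.mac_lockdown.get(src)
        if bound is not None and bound != (port, vlan):
            return self._drop(port, src, "mac-lockdown")
        # Port security: a secured port accepts only its authorized MAC list.
        allowed = self.port_security.get(port)
        if allowed is not None and src not in allowed:
            return self._drop(port, src, "port-security")
        return "forward"

    def _drop(self, port, src, feature):
        self.log.append((port, src, feature))  # the attempt is logged as well as blocked
        return feature

# Constructed sample data (documentation-range MAC addresses, made-up port names).
PC, SERVER, ROGUE, BANNED = (f"00:00:5e:00:53:{n}" for n in ("01", "02", "aa", "99"))

def demo():
    sw = SwitchModel(
        port_security={"A1": {PC}},
        mac_lockdown={SERVER: ("A2", 10)},
        mac_lockout={BANNED},
    )
    frames = [
        ("A1", 10, PC, SERVER),     # authorized device on its secured port
        ("A1", 10, ROGUE, SERVER),  # unlisted device on the secured port
        ("A3", 10, PC, SERVER),     # PC on an unsecured port: A1's list does not apply here
        ("A2", 10, SERVER, PC),     # locked-down MAC on its assigned port and VLAN
        ("A3", 10, SERVER, PC),     # same MAC on another port (station movement)
        ("A2", 20, SERVER, PC),     # same MAC, assigned port, wrong VLAN
        ("A1", 10, PC, BANNED),     # traffic *to* a locked-out MAC is dropped as well
    ]
    return [sw.admit(*f) for f in frames], sw.log
```

In this model the third frame is forwarded while the fifth is dropped, which is the station-movement case that MAC lockdown covers and a per-port MAC list does not.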
Key Management System (KMS)
KMS is available in several ProCurve switch models and is designed to configure and maintain key chains for use with