Getting Started

Overview of Access Security Features

Table 1-1. Management Access Security Protection

Column groups: Telnet, SNMP (Net Mgmt), Web Browser and SSH Client show whether the feature offers protection against unauthorized client access to switch management features. Network shows whether it offers protection against unauthorized client access to the network.

| Security Feature | Connection | Telnet | SNMP (Net Mgmt) | Web Browser | SSH Client | Network |
|---|---|---|---|---|---|---|
| Local Manager and Operator Usernames and Passwords¹ | PtP | Yes | No | Yes | Yes | No |
| | Remote | Yes | No | Yes | Yes | No |
| TACACS+¹ | PtP | Yes | No | No | Yes | No |
| | Remote | Yes | No | No | Yes | No |
| RADIUS¹ | PtP | Yes | No | No | Yes | No |
| | Remote | Yes | No | No | Yes | No |
| SSH | PtP | Yes | No | No | Yes | No |
| | Remote | Yes | No | No | Yes | No |
| SSL | PtP | No | No | Yes | No | No |
| | Remote | No | No | Yes | No | No |
| Port-Based Access Control (802.1X) | PtP | Yes | Yes | Yes | Yes | Yes |
| | Remote | No | No | No | No | No |
| Port Security (MAC address) | PtP | Yes | Yes | Yes | Yes | Yes |
| | Remote | Yes | Yes | Yes | Yes | Yes |
| Authorized IP Managers | PtP | Yes | Yes | Yes | Yes | No |
| | Remote | Yes | Yes | Yes | Yes | No |

¹ The local Manager/Operator, TACACS+, and RADIUS options (direct connect or modem access) also offer protection for serial port access.

General Switch Traffic Security Guidelines

Where the switch is running multiple security options, it implements network traffic security based on the OSI (Open Systems Interconnection) model precedence of the individual options, from the lowest to the highest. The following list shows the order in which the switch implements configured security features on traffic moving through a given port.

1. Disabled/Enabled physical port

2. MAC lockout (applies to all ports on the switch)

3. MAC lockdown

4. Port security

5. Authorized IP Managers

6. Application features at higher levels in the OSI model, such as SSH

(The above list does not address the mutually exclusive relationship that exists among some security features.)
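
The ordering above can be modelled as a first-match chain, which helps when working out which configured feature rejected a given frame. This is an added example, not code from the manual or the switch firmware; the class names, fields and addresses are constructed, and each feature's check is a simplified assumption (source MAC only, one permitted port per locked-down MAC, an empty Authorized IP Managers list meaning the feature is not configured).

```python
from dataclasses import dataclass, field

@dataclass
class SwitchConfig:  # hypothetical model of the features, not switch CLI syntax
    disabled_ports: set = field(default_factory=set)
    mac_lockout: set = field(default_factory=set)       # MACs blocked on every port
    mac_lockdown: dict = field(default_factory=dict)    # MAC -> the one port it may use
    port_security: dict = field(default_factory=dict)   # port -> set of authorized MACs
    authorized_ip_managers: set = field(default_factory=set)  # empty = not configured

@dataclass
class Frame:
    port: int
    src_mac: str
    src_ip: str
    to_management: bool = False  # addressed to the switch's management interface

def first_denying_feature(cfg, f):
    """Return the first feature, in the list's order, that rejects the frame, else None."""
    allowed_macs = cfg.port_security.get(f.port)
    checks = [
        ("Disabled/Enabled physical port", f.port in cfg.disabled_ports),
        ("MAC lockout", f.src_mac in cfg.mac_lockout),
        ("MAC lockdown", cfg.mac_lockdown.get(f.src_mac, f.port) != f.port),
        ("Port security", allowed_macs is not None and f.src_mac not in allowed_macs),
        ("Authorized IP Managers", f.to_management and bool(cfg.authorized_ip_managers)
            and f.src_ip not in cfg.authorized_ip_managers),
    ]
    for name, denied in checks:
        if denied:
            return name
    return None  # frame continues to higher-level features such as SSH

# Constructed sample configuration (documentation MAC and IP ranges).
SAMPLE = SwitchConfig(
    disabled_ports={8},
    mac_lockout={"00:00:5e:00:53:66"},
    mac_lockdown={"00:00:5e:00:53:01": 1},
    port_security={2: {"00:00:5e:00:53:02"}},
    authorized_ip_managers={"192.0.2.10"},
)

if __name__ == "__main__":
    frames = [
        Frame(2, "00:00:5e:00:53:66", "192.0.2.50"),        # locked out and unauthorized
        Frame(2, "00:00:5e:00:53:02", "192.0.2.99", True),  # valid MAC, unlisted manager IP
    ]
    for fr in frames:
        print(fr, "->", first_denying_feature(SAMPLE, fr))
```

When a frame fails more than one check, the result names the lowest-layer feature, which is the one to examine first when troubleshooting.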

HP 2626 (J4900A/B), 4100gl, 2600-PWR, 6108 General Switch Traffic Security Guidelines, Management Access Security Protection