Security Overview

Access Security Features

Feature: 802.1X Access Control
Default Setting: none
Security Guidelines: This feature provides port-based or user-based authentication through a RADIUS server to protect the switch from unauthorized access and to enable the use of RADIUS-based user profiles to control client access to network services. Included in the general features are the following:
• user-based access control supporting up to 32 authenticated clients per port
• port-based access control allowing authentication by a single client to open the port
• switch operation as a supplicant for point-to-point connections to other 802.1X-compliant ProCurve switches
More Information and Configuration Details: Chapter 13 “Configuring Port-Based and User-Based Access Control (802.1X)”

Feature: Web and MAC Authentication
Default Setting: none
Security Guidelines: These options are designed for application on the edge of a network to provide port-based security measures for protecting private networks and the switch itself from unauthorized access. Because neither method requires clients to run any special supplicant software, both are suitable for legacy systems and temporary access situations where introducing supplicant software is not an attractive option.

Both methods rely on using a RADIUS server for authentication. This simplifies access security management by allowing you to control access from a master database in a single server. It also means the same credentials can be used for authentication, regardless of which switch or switch port is the current access point into the LAN. Web authentication uses a web page login to authenticate users for access to the network. MAC authentication grants access to a secure network by authenticating device MAC addresses for access to the network.
More Information and Configuration Details: Chapter 4, “Web and MAC Authentication”
