Switch Port Security | HP Networking TopTool Products instruction

Setting Up Security for a Device

Switch Port Security

Figure 14-6. Hub Intrusion Log

Switch Port Security

Using Port Security, you can configure each switch port with a unique list of the MAC addresses of devices that are authorized to access the network through that port. This enables individual ports to detect, prevent, and log attempts by unauthorized devices to communicate through the switch.

Basic Operation

The default port security setting for each port is off. That is, any device can access a port without causing a security reaction. However, on a per-port basis, you can configure security measures to block unauthorized connections or “listening”, and to send notice of security violations. Once you have configured port security, you can then monitor the network for security violations through one or more of the following:

■Intrusion flags that are captured by network management tools such as HP TopTools for Hubs & Switches

■Alert log entries in the switch's web browser interface

■Event Log entries in the console interface

■Intrusion Log entries in either the switch's web browser interface or console interface

For any port you can configure the following:

■Authorized Addresses: Specify up to eight devices (MAC addresses) that are allowed to send inbound traffic through the port. This feature does the following:

•Closes the port to inbound traffic from any unauthorized devices that are connected to the port.

14-11

Image 191

HP Networking TopTool Products manual Switch Port Security, Basic Operation

Contents

HP TopTools for Hubs & Switches User Guide Page User Guide HP TopTools for Hubs & Switches Applicable Product Contents Device Topology Node Port Table Listing Devices Configuring PollingHardware and Software Requirements Locating a Node Custom Groups Searching for Devices Top Conversations Inventory of End Nodes Monitoring Network Traffic Overview Basic Operation Quality of Service Viii Managing Switches Performing Diagnostics Appendix a How to Update the Map Files Quick Start Starting HP TopTools for Hubs Switches Quick Start Getting Around in HP TopTools Maps Viewing Your Network DevicesDevices Policies Quality of ServiceUsing the Panner Examining Alerts Configuration Policies List of Networking Devices Configuring and Monitoring Devices T e Traffic Monitor Viewing Network Traffic Top Talkers Optimizing Your NetworkNetwork Meter How to Get Support Topics covered in this chapter include IntroductionIntroduction to HP TopTools Introduction HP TopTools for Hubs & Switches Ware running and know how to use your network utilities HP TopTools for Hubs & Switches Home Viewing a List of Devices Network Devices Features Group Policies Network TrafficNetwork Growth HP Devices Supported Snmp J2611A HP Switches Supported Learning to Use HP TopTools HP TopTools Technical Product Support HP Procurve Switches & Hubs Technical Support Introduction Requirements System RequirementsHardware and Software Requirements System Requirements System Requirements Beginning Discovery Discovering Your Devices Discovering Your Devices Discovery StatusSelecting Networks Adding Devices for Discovery Networks Page of Settings for Discovery Settings Page of Settings Discovery Configuring Discovery Settings Additional Community Names Troubleshooting Discovery Inventory of Devices This chapter contains information on Interpreting the Alert Log Automatic Fault FindingAlerts Alerts Alerts Fault Description, Cause and Actions Common Faults Check for faulty cabling, transceivers, and NICs Closing Alerts Launching the Device ViewAcknowledging Alerts Selecting Alert Log Filters First Time Installation InformationFiltering Alerts Sorting Alerts Filtering by Device Selecting Alert Log Filters TopologyFiltering by Alert State Filtering by Alert Severity Click on the + or boxes to add or remove search criteria Selecting Alert Log Filters Custom GroupsSelecting Alert Log Filters Search Search Configuring Action on Alerts Configure Actions on Alerts Deleting Closed Alerts Alerts Listing Devices Networking Devices Communication from the list Configuring Polling Device Communication Settings Selecting Actions for Devices SNMP/Trap Configuration Thresholds Dialog Box Device Topology Topology of Networking Devices Write in order for your devices to be mapped Custom Groups When a link has been clicked on, it is no longer blueNode Port Table Custom Groups Searching for Devices Search Networking Devices Creating Groups Group Policies Group Policies Viewing the Devices in a GroupMembers of a group Modifying a Group Adding a Group Adding a Device to a Group Group Configuration Modify Group Changing the Group Name Removing a Device from a Group Main Configuration Policies Configuring Group Policies Snmp System Information General Configuration Policies Checking Firmware Versions Alert Configuration Policies Removing Trap Receivers Setting Fault SensitivitySending Alerts to the HP TopTools Management Station Advanced Switch Features Automatic Broadcast Control ABC Advanced Switch Features Enabling Broadcast Control for IPX Enabling Broadcast Control for IP Internet Group Management Protocol Igmp Automatic IP Gateway Configuration Forward with High Priority Security Configuration PoliciesSpanning Tree Protocol Communities Security Policies Adding a Community Adding or Deleting an Authorized Manager Configuring Authorized ManagersModifying a Community Deleting a Community Displaying Maps Viewing Your Maps Viewing Your Maps Map Server Settings Automatic Map Generation Default View Map Styles Cluster Size Spacing Launching a Map Launching the Device View Using the Panner Options-Labeling SNMP/Trap ConfigurationOptions for Displaying Maps Options Refresh Maps Options-Legend Locating a NodeChanging Map Views Monitor Viewing Your Maps Monitoring Network Traffic Using Traffic Monitor Monitoring Network Traffic Traffic Monitor Main Reading the Segment Histogram Reading the Traffic Information Gauges Comparing Segments Across Different Medias Setting ThresholdsSelecting Segment Groups and Segments Thresholds Window Displaying the Network Meter Options Button Who Are the Top 5 Talkers? Top 5 Talkers Other Top Talkers Not in Selected Minute Data sampler for this segment OthersTop5 View Menu Items Locating a Segment or End Node Traffic Data Collector Settings Discovery/Topology Data Automatic is checked Automatic MonitoringManual Monitoring Remove All Devices Configuring Ports for Manual MonitoringAdding Ports for Manual Monitoring Removing Selected Devices Traffic Data Storage Traffic Data Collector Storage Settings Traffic Data Collector Performance Traffic Data Collector Performance Troubleshooting Traffic Monitor Connection to Server Lost Monitoring Network Traffic This chapter includes the following topics Planning for Network GrowthMeeting the Challenges Planning for Network Growth Using Network ToolsPlanning with the Network Performance Advisor 10-3 Starting the Network Performance Advisor Welcome Page for Network Performance Advisor Creating a New Report Report Generation Page of Network Performance Advisor Modifying Your Settings 10-6 To cancel a report, click on the Cancel analysis buttonWorsen network performance during periods of normal use You can only create one report at a time Report Properties Section Viewing a Report With Data Available Summary of Recommendations Section 10-9 Reorganize Your Current Equipment Recommendation Details Section 10-11 Dividing Segments into Workgroups Add or Upgrade EquipmentHow the Data is Analyzed Traffic pattern before dividing into workgroups 10-14 Traffic Pattern after Dividing into Workgroups Dedicating Bandwidth to Top Talkers Converting Segments to Desktop SwitchingTop Conversations Upgrading Segments to Faster Speed Media Top Conversations 10-17 Inventory of End Nodes May not be valid When There Are No RecommendationsAdministration Controlling Data Storage Understanding HP Sampling How the Network Performance AdvisorCollects Data 10-20 Potential Problems with Data Collection Segments not Selected for Analysis Segments Excluded from AnalysisSegments that do not have Devices with Sampling Capability Overview Quality of Service Switch using the switchs web browser or console interface HP Procurve Switch 8000MHP Procurve Routing Switch 9308M and 9304M HP Procurve Routing Switch 6308M-SX and 6208M-SX 11-3 Basic OperationHP TopTools QoS operates on two levels as described below Configuring QoS for Specific Devices IP Addresses Viewing All Currently Configured QoS Policies Adding a Policy for an IP Address Adding a Policy for a Specific IP Address 11-6 Configuring a QoS Policy for IP Type Service ToSToS Configuration Options Outbound ToS Option Procurve Differentiated ServicesSwitch Ports 11-7 Vlan How To Configure a ToS Policy DECNet AppleTalk Configuring a QoS Policy for Specific Protocols QoS Policy for a Specific Protocol Click on the Return button to return to the Main QoS Configuring a QoS Policy for a Specific 11-12 Device Management Features Accessing Hub Features 12-2 Accessing Hub FeaturesViewing Device Identity Information Reading the Performance Gauges Interpreting Device Status Performance Gauges for a Hub Gauge Attributes Switching Hub Global CountersGlobal Counters Hub Global Counters Counter Description Counters are described in the following tableGlobal Counters 12-6 See the online help for information on each counter Configuring Your DevicePort Counters Hub Device View Fault Detection System Information Configuring IP 12-10 Hub IP ConfigurationSwitching Hub IP Configuration Port Information Port ConfigurationSetting Description Information is described in the following table Backup Links Bridge Enable/Disable Parameter Description Configuring Load Balancing-Switching HubsBackup Link Parameters Select Technical Support Support URL 12-15 12.The Support 12-16 This chapter has information on Managing SwitchesDisplaying Switch Status Status Overview Graph Area Managing Switches Alert Log Area Port Status 13-4 Port Status settings are described in the following tablePort Status Settings Identity Page for HP Switch 800T Switch Identity Information Device View Configuring Switch Features Device View for the HP Procurve Switch 2424M Characteristics of Bootp and Dhcp IP Configuration 13-9 Help for that device 13-10 Class of ServicePort Settings 13-11 Using VLANs to Maximize the CoS BenefitIs, CoS enables you to When it is received on the switch 13-12 DefinitionsBasic Operation CoS Priority Default Vlan as a tagged VlanQoS Setting Outbound Port Queue Operation Tagged Vlan TopTools Switch QueuesCriteria for Prioritizing Outbound Packets Priority Mapping Table Priority Criteria and Precedence Steps for Configuring CoS PriorityGuidelines for Configuring CoS Priorities 13-16 Assigning a Monitoring Port Monitoring Selected Ports on a Switch Setting Device Features HP Procurve Stack Management 11.Configuration Page for HP 8000M as Commander of a Stack Benefits of Stack Management Vlan ConfigurationStack Management with VLANs Removing a Vlan Enabling VLANsAdding a Vlan Renaming a Vlan Confirm removal of the Vlan Modifying Port Vlan ConfigurationEnabling Gvrp Security 13-23 Support/Management URLsSupport URL 13-24 Management Server URL Device Passwords Setting Up Security for a Device Setting Up Security for a Device Manager/Operator Password Combinations Function of Community Names Password SettingsPasswords Read Write Results Protected Set Snmp Community Names This improves the Discovery process Configuring for Community NamesSelect the Additional Devices tab Run Discovery again Hub Port Security Address Selection Eavesdrop Prevention Send AlarmAuthorized Address 14-9 Setting Security Policy for Selected PortsDisable Port Hub Intrusion Log Setting the Security Policy for Selected Ports Basic Operation Switch Port Security Port Security Control Parameters Configuring Port Security-Planning 14-13 Learn Mode 14-14 Configuring Authorized IP Managers 14-15 Access LevelsOverview of IP Mask Operation Defining Authorized Management Stations Enter an Authorized Manager IP address Configuring Port Security Port Security Overview Click on the Apply Changes button Switch Intrusion LogSelect Yes to Prevent Eavesdropping 10.Security Violation Entries in the Alert Log How the Intrusion Log Operates Keeping the Intrusion Log Current by Resetting FlagsOperating Notes for Port Security Identifying the IP Address of an Intruder Security Violations Proxy Web Servers 14-22 Performing a Ping/Link Test Performing Diagnostics Performing Diagnostics Rebooting a Device Device Reboot Resetting a Hub to Factory Default Settings 15-4 Resetting a Switch 15-5 Producing a Configuration Report 15-6 Downloading Software Software Update UtilityHP Procurve Switches HP Procurve Hubs Other HP Switches Downloading Software Starting the Software Update UtilityActions button and select Update Firmware 16-3 Obtaining the Software from the Web Accepting the Licensing Agreement Software updates are downloaded to 16-5 Scheduling the Software Update Downloading Software Alert Log Showing Successful Software Update Device types HP Download ManagerObtaining New Software from HP Download Control Make sure you leave the CD in the drive Time, and click OK 16-11 How to Update the Map FilesNew software version data 16-12 Appendix a contains the following topics Appendix aAgent Firmware Versions Verifying Device Agent Versions IP Networks Preparing Network DevicesDevice Network Addresses IPX Networks Globally Assigned IP Network Addresses Configuring IP Parameters T e Network Bootp Server Appendix a Index-1 Index Index-2 Full Network button … Index-3 Index-4 Index-5 Index-6 Index-7 Index-8 Undo Last Load Balancing … 12-13 Update Discovery …