Manuals / Brands / Computer Equipment / Software / HP / Computer Equipment / Software

HP Networking TopTool Products Configuring Port Security—Planning, Table 14-3.Port Security Control Parameters

1 234

Download 234 pages, 8.75 Mb

Setting Up Security for a Device

Switch Port Security

• Automatically sends notice of an attempted security violation to the switch's Intrusion Log and to the Alert Log in the switch's web browser interface.

• Sends an SNMP trap notifying of an attempted security violation to a

	network management station. For more information on configuring
	the switch for SNMP management, see the Management and Config-
	uration Guide you received with the switch.
	■ Prevent Eavesdropping: Block outbound traffic with unknown destina-
	tion addresses from exiting through the port. This prevents an unautho-
	rized device on the port from eavesdropping on the flooded unicast traffic
	intended for other devices.

N o t e	The switch security measures block unauthorized traffic without disabling the
	port. This implementation enables you to apply the security configuration to
	ports on which hubs or other switches are connected, and to maintain security
	while also maintaining network access to authorized users.
	Configuring Port Security—Planning
	Configuring Port Security—Planning
	Plan your port security configuration and monitoring according to the
	following:
	■ On which ports do you want to configure intruder security?
	■ Which devices (MAC addresses) are authorized on each port?
	■ For each port, what security actions do you want:
	• Block intruders from transmitting to the network?
	• Prevent intruders from eavesdropping on network traffic?
	■ How do you want to learn of the security violation attempts the switch
	detects:
	• Through network management, that is, do you want an SNMP trap
	sent to a network management station when a port detects a security
	violation attempt?
	• Through the switch's web browser interface (Alert Log and Intrusion
	Log)?
	• Through the Event Log and the Intrusion Log in the switch console
	interface?
	Use the web browser interface and/or the switch console to configure port
	security. The following table describes the parameters.
	Table 14-3. Port Security Control Parameters

ParameterDescription

Port	Identifies the switch port to view or configure for port security

14-12

Contents

Page Page HP TopTools for Hubs & Switches Page 1 Quick Start 2 Introduction 3 System Requirements 4 Discovering Your Devices 5 Alerts 6 Networking Devices 8 Viewing Your Maps 10 Planning for Network Growth 11 Quality of Service 12 Accessing Hub Features 13 Managing Switches 14 Setting Up Security for a Device Page A Appendix A Quick Start Figure 1-1.Home Page for HP TopTools for Hubs & Switches Getting Around in HP TopTools back Use the tabs or buttons at the top of a page to go quickly from task to task Click on the Home button and select Hubs & Switches Home to return to the HP Viewing Your Network Devices Devices Devices Devices by Type Properties Using the Panner Class of Service Policies Configuration Policies Configuration Policies Examining Alerts Figure 1-3.Alert Log View Alerts Configure Action on Alerts Configuring and Monitoring Devices Device by Type Properties (Device View) Actions Figure 1-4.List of Networking Devices N o t e Figure 1-5.Device View - Status Page Select All Ports Viewing Network Traffic Performance Traffic Monitor Figure 1-6.Traffic Monitor Page Network Meter Top Talkers How to Improve Performance Planning for Network Growth How to Get Support Product support is also available on the World Wide Web. The URL is: http://www.hp.com/go/procurve Click on Technical Support. The information available at this site includes: ■HP network device MIBs Introduction Figure 2-1.HP TopTools Home Page HP TopTools for Hubs & Switches Figure 2-2.HP TopTools for Hubs & Switches Home Page This User Guide will help you get started with HP TopTools for Hubs & Switches. We assume that you have supervisory access to your network what an “IP” (Internet Protocol) or “IPX” (Internetwork Packet Exchange ware running and know how to use your network utilities Network Devices Features Viewing a List of Devices Figure 2-3.The Networking Devices List See the chapter Networking Devicesfor more information on managing devices See the chapter Accessing Hub Featuresfor information about configuring hubs Network Traffic Traffic Monitor Network Growth HP Devices Supported Table 2-1.HP Hubs and Bridges Supported Page Table 2-2.HP Switches Supported Learning to Use HP TopTools The following information is available for learning HP TopTools for Hubs & Switches: HP TopTools Technical Product Support http://www.hp.com/go/hpprocurve Figure 2-4.HP Procurve Switches & Hubs Technical Support Page Page System Requirements installing TopTools. Do not use either a static or dynamic IP address Discovering Your Devices Figure 4-1.Status Page of Settings for Discovery Discovery Status Start Discovery Save Settings Selecting Networks Figure 4-2.Networks Page of Settings for Discovery Adding Devices for Discovery Additional Devices Add Device Configuring Discovery Settings ■IP—Discoversall IP devices in your network •Ping Discovery—Pingpackets are sent to discover every device on the subnet Web Server •WMI (WBEM) Discovery—Checksfor PCs that support WMI Troubleshooting Discovery Others Devices - Device Types 2.Select Security ->Set SNMP Passwords (Communities) from the menu Update Discovery Inventory of Devices Inventory Alerts Figure 5-1.Alerts Page Table 5-1.Common Faults Page Fault Detection The sensitivity settings are: High Sensitivity ■Medium Sensitivity: The device will act when serious network problems occur Medium Sensitivity First Time Installation Information Filtering by Alert State Filtering by Alert Severity Filtering by Device Figure 5-3.Select Alert Log Filters — Topology Page Selecting Alert Log Filters - Custom Groups Selecting Alert Log Filters - Search Click on the + or - boxes to add or remove search criteria Figure 5-4.Search Page Configuring Action on Alerts Configure Action on Alerts Figure 5-5.Configure Actions on Alerts Page Deleting Closed Alerts Page Networking Devices Figure 6-1.List of Networking Devices window installed Configuring Polling Polling a device involves sending a request to the device and waiting for a response. If the device does not respond to a request within a certain time tion page To start configuring polling for devices: Figure 6-2.Device Communication Settings Do Not Change Suspend All Polling Resume Polling Selecting Actions for Devices View ■Check Connectivity (Ping)—Useping to test the network connection to a device Set Friendly Name—Createan easy-to-remembername for a device Add to Custom Group—Adda device to a custom group Device Topology and WRITE in order for your devices to be mapped Figure 6-4.The Topology of Networking Devices You can choose how to display the topology hierarchy by selecting from the Show drop down list at the top of the page: Network—Displays Node Port Table Node Port Table ■Node address ■Port number of the selected device ■Type of port, for example, 10Base-T Searching for Devices Figure 6-7.Search Page Page Group Policies Figure 7-1.Main Page of Group Configuration members of a group Viewing the Devices in a Group View Devices View Group Members Adding a Group Add Group New Group Name Figure 7-2.Add Group Page Modifying a Group Adding a Device to a Group Removing a Device from a Group Changing the Group Name Configuring Group Policies Configuration Policies Policies - Automatic Configuration Management of Hubs & Switches Figure 7-5.Main Configuration Policies Page General Configuration Policies SNMP System Information General General Polices ■sysContact—Theperson to contact about this group of devices Alert Configuration Policies Alert Policies See SNMP Configurationfor information about setting traps ■linkDown: Communication was lost on a device interface ■linkUp: Communication was regained on a device interface Sending Alerts to the HP TopTools Management Station Removing Trap Receivers Advanced Switch Features Advanced Switch Features button in the Configuration Policies main page. The Advanced Switch Features ■Automatic Broadcast Control (ABC) Figure 7-8.Advanced Switch Features Page Automatic Broadcast Control (ABC) Enabling Broadcast Control for IP Enabling Broadcast Control for IPX Automatic IP Gateway Configuration Forward with High Priority Adding a Community Modifying a Community Deleting a Community Configuring Authorized Managers Adding or Deleting an Authorized Manager Viewing Your Maps Figure 8-1.Network List for Displaying Map Views Map Server Settings Preferences View Automatic Map Generation Default View Cluster Size Spacing Device View When you right-mouse-clickon a segment you can select Show Segment Map The buttons at the bottom of the map are: ■Options—seebelow for a description of this feature Using the Panner Show Panner Launching the Device View Use the tabs to view or change device settings, or to display device counters SNMP/Trap Configuration Options— Refresh Maps Options—Labeling Options—Legend Figure 8-4.Locate a Specific Node in a Map Monitor Page Monitoring Network Traffic Figure 9-1.Traffic Monitor Main Page The five statistical attributes sampled by Traffic Monitor are: Utilization% Frames/sec Errors/sec Reading the Traffic Information Gauges ■green: value for the attribute is within the normal range ■yellow: value has exceeded the normal range, but is not critical ■red: value is in the critical range. Corrective action may be needed Comparing Segments Across Different Medias Figure 9-2.Thresholds Window Segments Defaults Displaying the Network Meter Net Meter Hide Net Meter Who Are the Top 5 Talkers Figure 9-3.Top 5 Talkers You can display graphs for each of the measured attributes showing: ■Top Sources (default) ■Top Destinations ■Top Connections ■The layer 3 or layer 2 (MAC) address ■The direction of data flow (the source and destination nodes) Here is an example of information that you might see in the legend: ETHER 00:00:10:44:36:12 (DOD IP) Other Top Talkers Not in Selected Minute Others Top5 View Menu Items Table 9-1.Functions of the Top5 Menu Locating A Segment or End Node Traffic Data Collector Settings Configuration Automatic Monitoring Manual Monitoring Adding Ports for Manual Monitoring Configuring Ports for Manual Monitoring Removing Selected Devices Remove All Devices Traffic Data Storage Storage Current Storage Status on Server Historic Traffic Data Default Values Traffic Data Collector Performance High Resource Medium Resource Low Resource Apply changes Troubleshooting Traffic Monitor Connection to Server Lost Settings - TopTools Services Refresh Ctrl-Refresh Page Planning for Network Growth Using Network Tools Planning with the Network Performance Advisor inventory report Reorganize Your Current Equipment —suggests Starting the Network Performance Page Page Page Page Page Reorganize Your Current Equipment Recommendation Details Section A “before” representation of the network might look like the following figure: The “after” representation would look like the following figure: Add or Upgrade Equipment How the Data is Analyzed Dividing Segments into Workgroups Figure 10-7.The traffic pattern before dividing into workgroups Figure 10-8.The Traffic Pattern after Dividing into Workgroups Converting Segments to Desktop Switching Upgrading Segments to Faster Speed Media Dedicating Bandwidth to Top Talkers One or more of the end nodes was not found by the discovery/topology process The segment was not discovered by HP TopTools Figure 10-9.Top Conversations Page Inventory of End Nodes Figure 10-10.InventoryReport When There Are No Recommendations If the Add and Upgrade Equipment Report determines that, based on the this time. If you think that your network may need performance improve may not be valid Adding devices that can sample data to high traffic segments that do not How the Network Performance Advisor Collects Data during the past hour Understanding HP Sampling network performance all Figure Apply Changes Potential Problems with Data Collection Segments Excluded from Analysis Segments that do not have Devices with Sampling Capability Segments not Selected for Analysis Quality of Service ■ HP Procurve Switch 8000M ■ HP Procurve Routing Switch 9308M and 9304M ■ HP Procurve Routing Switch 6308M-SXand 6208M-SX features can also be configured on an individual switch using the switch's of Service (QoS) to refer to HP TopTools network-wideprioritization, and Basic Operation HP TopTools QoS operates on two levels as described below High-priority packets leave a port first Normal-priority Viewing All Currently Configured QoS Configuring QoS for Specific Devices (IP Addresses) IP Device Address features: ■Node—ListsIP devices by device name or IP address Figure 11-2.Adding a Policy for an IP Address Adding a Policy for a Specific IP Address In the Main QoS page click on IP Address Add New Policy Configuring a QoS Policy for IP Type of Service (ToS) ■Use the Precedence bits to prioritize a packet (ToS IP precedence option) ToS Configuration Options ToS policy configuration includes three options: Figure 11-3.Qos Policy for IP Type of Service (ToS) How To Configure a ToS Policy IP ToS IP Type of Service Apply IP ToS Policy Configuring a QoS Policy for Specific Protocols ■IP ■IPX ■ARP ■DECNet Figure 11-4.QoS Policy for a Specific Protocol To modify a protocol: Protocol Use the Priority 6.Click on OK to return to the Protocol Policy page Configuring a QoS Policy for a Specific VLAN VLAN Page Accessing Hub Features Figure 12-1.Hub Status Overview Page Viewing Device Identity Information Identity System Information Interpreting Device Status Reading the Performance Gauges Performance Gauges Figure 12-3.Performance Gauges for a Hub All Ports Hub Global Counters Switching Hub Global Counters Figure 12-4.Hub Global Counters The counters are described in the following table Table 12-2.Global Counters Port Counters Port Counters Configuring Your Device Telnet Figure 12-6.Hub Device View meaning behind the port icons Fault Detection High Sensitivity: Low Sensitivity Figure 12-7.Fault Detection Sensitivity Settings System Information Configuring IP Hub IP Configuration Switching Hub IP Configuration Port Configuration Figure 12-9.Hub Port Configuration The information is described in the following table Table 12-3.Port Information Bridge Enable/Disable between the 10 Mbps and 100 Mbps segments in the hub You may want to disable the bridge: ■ To connect the segments via and external switch ■ To simplify the network for troubleshooting Backup Links Add New Backup Link Table 12-4.Backup Link Parameters Configuring Load Balancing—SwitchingHubs Load Balancing Figure 12-11.LoadBalancing in a Switching Hub Support URL Select Technical Support Page Page Managing Switches Graph Area Alert Log Area Figure 13-2.Switch Port Status The Port Status settings are described in the following table Table 13-1.Port Status Settings Switch Identity Information Figure 13-3.Identity Page for HP Switch 800T Figure 13-4.Switch Status Page with Network Interfaces Configuring Switch Features Device View Figure 13-5.Device View for the HP Procurve Switch 2424M High Sensitivity Medium Sensitivity Low Sensitivity Never Characteristics of Bootp and DHCP Modify Selected Ports help for that device Figure 13-7.Switch Port Configuration Table 13-2.Port Settings Class of Service Using VLANs to Maximize the CoS Benefit Definitions Basic Operation Policy Options for Extending Traffic Priority Control to Outbound Packets Traveling to Downstream Devices default VLAN as a tagged VLAN Priority Settings for Outbound Packets. You can configure a CoS port, the CoS priority determines which outbound queue the packet uses Criteria for Prioritizing Outbound Packets Guidelines for Configuring CoS Priorities Assigning a Monitoring Port Figure 13-9.Monitoring Selected Ports on a Switch Setting Device Features Internet Group Management Protocol Figure 13-10.SwitchDevice Features Page console), select a VLAN for which the features will apply switches. Setting features individually, for example, Spanning Tree, could create problems with your network HP Procurve Stack Management Figure 13-11.ConfigurationPage for HP 8000M as Commander of a Stack Stack Management with VLANs Benefits of Stack Management Enabling VLANs Adding a VLAN Renaming a VLAN Removing a VLAN Modifying Port VLAN Configuration Enabling GVRP Security Support URL Management Server URL Setting Up Security for a Device Figure 14-1.Device Passwords Page There are two categories of passwords: Operator (Read Manager/Operator Password Combinations Table 14-1.Password Settings The Function of Community Names Security Configuration Policies Figure 14-2.Set SNMP Community Names Page Configuring for Community Names Discovery 3.Select the Additional Devices tab Device Types All Devices Hub Port Security Port Security Figure 14-3.Hub Port Security Page Address Selection Table 14-2.How Authorized Addresses are Discovered Continuous First Heard Authorized Address Eavesdrop Prevention Set Security Policy for Selected Ports yes Prevent Eavesdropping Setting Security Policy for Selected Ports Figure 14-5.Setting the Security Policy for Selected Ports The Hub Intrusion Log Figure 14-6.Hub Intrusion Log Switch Port Security Basic Operation off Configuring Port Security—Planning Table 14-3.Port Security Control Parameters Page Configuring Authorized IP Managers ■Access the switch's web browser interface ■Telnet into the switch's console interface ■Perform TFTP transfers of configurations and software updates into the switch Access Levels Defining Authorized Management Stations Figure 14-7.Switch Authorized Addresses List Authorized Addresses 2.Enter an Authorized Manager IP address Access Leve Configuring Port Security Figure 14-8.Port Security Overview Page Figure 14-9.Security Policy Page for a Selected Port Static Learn Mode Address Limit Switch Intrusion Log Notice of Security violations Figure 14-10.SecurityViolation Entries in the Alert Log How the Intrusion Log Operates Keeping the Intrusion Log Current by Resetting Flags Proxy Web Servers IP Authorized Managers Security Violations Reset Device Reset Page Performing Diagnostics Figure 15-1.Ping/Link Test Page Rebooting a Device Device Reboot Figure 15-2.Device Reboot Page Resetting a Hub to Factory Default Settings Figure 15-3.Factory Reset of a Hub Resetting a Switch Figure 15-4.Resetting a Switch Producing a Configuration Report Figure 15-5.Configuration Report Page Downloading Software See The HP Download Managerfor updating all other HP devices Starting the Software Update Utility Devices by Type, Networking Devices Select a hub or switch to be updated and right-clickon it. Select Update Firmware from the menu. You can also select the device, then click on the Obtaining the Software from the Web Accepting the Licensing Agreement Scheduling the Software Update Figure 16-3.Devices Selected for Updating, Showing Scheduled Time of Update Figure 16-4.Alert Log Showing Successful Software Update Viewing the Software Updates Available on the TopTools Server Settings - System Software Packages Hubs & Switches Local The HP Download Manager Obtaining New Software from HP There are three sources you can access for new software: ■The latest HP TopTools for Hubs & Switches CD-ROM The World Wide Web, at HP’s Procurve web site. The URL is: Update Firmware Download Control Figure 16-5.Download Control Change SET_COMMUNITY_NAME nation of the computer’s CD drive. If the software files have already been the time, and click OK Make sure you leave the CD in the drive Figure 16-6.Download Status dialog box View Log How to Update the Map Files subdirectory Uncompress the file and copy the results (which will either be a .bin, .swi, or .fdd file) into the \Program Files\Hptt\hpwnd\dld directory New software version data: Page Appendix A IPX Networks IP Networks Globally Assigned IP Network Addresses United States and countries not in Europe or Asia/Pacific Europe Configuring IP Parameters N o t e : The IP configuration parameters are described below IP Address Subnet Mask Primary Default Router Network Bootp Server A-6 Numerics Index–2 Index–3 Index–4 Index–5 Index–6 Index–7 Index–8