Configuring Port Security-Planning | HP Networking TopTool Products

Setting Up Security for a Device

Switch Port Security

• Automatically sends notice of an attempted security violation to the switch's Intrusion Log and to the Alert Log in the switch's web browser interface.

• Sends an SNMP trap notifying of an attempted security violation to a

	network management station. For more information on configuring
	the switch for SNMP management, see the Management and Config-
	uration Guide you received with the switch.
	■ Prevent Eavesdropping: Block outbound traffic with unknown destina-
	tion addresses from exiting through the port. This prevents an unautho-
	rized device on the port from eavesdropping on the flooded unicast traffic
	intended for other devices.

N o t e	The switch security measures block unauthorized traffic without disabling the
	port. This implementation enables you to apply the security configuration to
	ports on which hubs or other switches are connected, and to maintain security
	while also maintaining network access to authorized users.
	Configuring Port Security—Planning
	Configuring Port Security—Planning
	Plan your port security configuration and monitoring according to the
	following:
	■ On which ports do you want to configure intruder security?
	■ Which devices (MAC addresses) are authorized on each port?
	■ For each port, what security actions do you want:
	• Block intruders from transmitting to the network?
	• Prevent intruders from eavesdropping on network traffic?
	■ How do you want to learn of the security violation attempts the switch
	detects:
	• Through network management, that is, do you want an SNMP trap
	sent to a network management station when a port detects a security
	violation attempt?
	• Through the switch's web browser interface (Alert Log and Intrusion
	Log)?
	• Through the Event Log and the Intrusion Log in the switch console
	interface?
	Use the web browser interface and/or the switch console to configure port
	security. The following table describes the parameters.
	Table 14-3. Port Security Control Parameters

ParameterDescription

Port	Identifies the switch port to view or configure for port security

14-12

Image 192

HP Networking TopTool Products manual Configuring Port Security-Planning, Port Security Control Parameters

Contents

HP TopTools for Hubs & Switches User Guide Page HP TopTools for Hubs & Switches User Guide Applicable Product Contents Listing Devices Configuring Polling Hardware and Software RequirementsDevice Topology Node Port Table Custom Groups Searching for Devices Locating a Node Monitoring Network Traffic Top Conversations Inventory of End Nodes Quality of Service Overview Basic Operation Managing Switches Viii Performing Diagnostics How to Update the Map Files Appendix a Starting HP TopTools for Hubs Switches Quick Start Getting Around in HP TopTools Quick Start Viewing Your Network Devices DevicesMaps Quality of Service Using the PannerPolicies Configuration Policies Examining Alerts Configuring and Monitoring Devices List of Networking Devices T e Viewing Network Traffic Traffic Monitor Optimizing Your Network Network MeterTop Talkers How to Get Support Introduction Introduction to HP TopToolsTopics covered in this chapter include HP TopTools for Hubs & Switches Introduction HP TopTools for Hubs & Switches Home Ware running and know how to use your network utilities Network Devices Features Viewing a List of Devices Network Traffic Network GrowthHP Devices Supported Group Policies Snmp HP Switches Supported J2611A Learning to Use HP TopTools HP Procurve Switches & Hubs Technical Support HP TopTools Technical Product Support Introduction System Requirements Hardware and Software RequirementsSystem Requirements Requirements System Requirements Discovering Your Devices Beginning Discovery Discovery Status Selecting NetworksDiscovering Your Devices Networks Page of Settings for Discovery Adding Devices for Discovery Configuring Discovery Settings Settings Page of Settings Discovery Troubleshooting Discovery Additional Community Names Inventory of Devices Interpreting the Alert Log Automatic Fault Finding AlertsThis chapter contains information on Alerts Alerts Common Faults Fault Description, Cause and Actions Check for faulty cabling, transceivers, and NICs Launching the Device View Acknowledging AlertsClosing Alerts First Time Installation Information Filtering AlertsSorting Alerts Selecting Alert Log Filters Selecting Alert Log Filters Topology Filtering by Alert StateFiltering by Alert Severity Filtering by Device Selecting Alert Log Filters Custom Groups Selecting Alert Log Filters SearchClick on the + or boxes to add or remove search criteria Configuring Action on Alerts Search Configure Actions on Alerts Deleting Closed Alerts Alerts Networking Devices Listing Devices Configuring Polling Communication from the list Device Communication Settings SNMP/Trap Configuration Selecting Actions for Devices Device Topology Thresholds Dialog Box Write in order for your devices to be mapped Topology of Networking Devices When a link has been clicked on, it is no longer blue Node Port TableCustom Groups Searching for Devices Custom Groups Search Networking Devices Group Policies Creating Groups Viewing the Devices in a Group Members of a groupGroup Policies Adding a Group Modifying a Group Group Configuration Modify Group Adding a Device to a Group Removing a Device from a Group Changing the Group Name Configuring Group Policies Main Configuration Policies General Configuration Policies Snmp System Information Alert Configuration Policies Checking Firmware Versions Setting Fault Sensitivity Sending Alerts to the HP TopTools Management StationRemoving Trap Receivers Advanced Switch Features Advanced Switch Features Automatic Broadcast Control ABC Enabling Broadcast Control for IP Enabling Broadcast Control for IPX Automatic IP Gateway Configuration Internet Group Management Protocol Igmp Security Configuration Policies Spanning Tree ProtocolCommunities Forward with High Priority Adding a Community Security Policies Configuring Authorized Managers Modifying a CommunityDeleting a Community Adding or Deleting an Authorized Manager Viewing Your Maps Displaying Maps Map Server Settings Viewing Your Maps Default View Automatic Map Generation Cluster Size Map Styles Launching a Map Spacing Using the Panner Launching the Device View SNMP/Trap Configuration Options for Displaying MapsOptions Refresh Maps Options-Labeling Locating a Node Changing Map ViewsOptions-Legend Monitor Viewing Your Maps Using Traffic Monitor Monitoring Network Traffic Traffic Monitor Main Monitoring Network Traffic Reading the Traffic Information Gauges Reading the Segment Histogram Setting Thresholds Selecting Segment Groups and SegmentsComparing Segments Across Different Medias Thresholds Window Displaying the Network Meter Who Are the Top 5 Talkers? Options Button Top 5 Talkers Other Top Talkers Not in Selected Minute Others Top5 View Menu ItemsLocating a Segment or End Node Data sampler for this segment Traffic Data Collector Settings Automatic Monitoring Manual MonitoringDiscovery/Topology Data Automatic is checked Configuring Ports for Manual Monitoring Adding Ports for Manual MonitoringRemoving Selected Devices Remove All Devices Traffic Data Collector Storage Settings Traffic Data Storage Traffic Data Collector Performance Troubleshooting Traffic Monitor Traffic Data Collector Performance Connection to Server Lost Monitoring Network Traffic Planning for Network Growth Meeting the ChallengesThis chapter includes the following topics Using Network Tools Planning with the Network Performance AdvisorPlanning for Network Growth Starting the Network Performance Advisor 10-3 Creating a New Report Welcome Page for Network Performance Advisor Modifying Your Settings Report Generation Page of Network Performance Advisor To cancel a report, click on the Cancel analysis button Worsen network performance during periods of normal useYou can only create one report at a time 10-6 Viewing a Report Report Properties Section Summary of Recommendations Section With Data Available Reorganize Your Current Equipment 10-9 Recommendation Details Section 10-11 Add or Upgrade Equipment How the Data is AnalyzedDividing Segments into Workgroups Traffic pattern before dividing into workgroups Traffic Pattern after Dividing into Workgroups 10-14 Converting Segments to Desktop Switching Top ConversationsUpgrading Segments to Faster Speed Media Dedicating Bandwidth to Top Talkers Top Conversations Inventory of End Nodes 10-17 When There Are No Recommendations AdministrationControlling Data Storage May not be valid How the Network Performance Advisor Collects DataUnderstanding HP Sampling 10-20 Potential Problems with Data Collection Segments Excluded from Analysis Segments that do not have Devices with Sampling CapabilitySegments not Selected for Analysis Quality of Service Overview HP Procurve Switch 8000M HP Procurve Routing Switch 9308M and 9304MHP Procurve Routing Switch 6308M-SX and 6208M-SX Switch using the switchs web browser or console interface Basic Operation HP TopTools QoS operates on two levels as described below11-3 Viewing All Currently Configured QoS Policies Configuring QoS for Specific Devices IP Addresses Adding a Policy for a Specific IP Address Adding a Policy for an IP Address Configuring a QoS Policy for IP Type Service ToS ToS Configuration Options11-6 Differentiated Services Switch Ports11-7 Outbound ToS Option Procurve How To Configure a ToS Policy Vlan Configuring a QoS Policy for Specific Protocols DECNet AppleTalk QoS Policy for a Specific Protocol Configuring a QoS Policy for a Specific Click on the Return button to return to the Main QoS 11-12 Accessing Hub Features Device Management Features Accessing Hub Features Viewing Device Identity Information12-2 Interpreting Device Status Reading the Performance Gauges Performance Gauges for a Hub Switching Hub Global Counters Global CountersHub Global Counters Gauge Attributes Counters are described in the following table Global Counters12-6 Counter Description Configuring Your Device Port CountersSee the online help for information on each counter Fault Detection Hub Device View Configuring IP System Information Hub IP Configuration Switching Hub IP Configuration12-10 Port Configuration Setting DescriptionInformation is described in the following table Port Information Bridge Enable/Disable Backup Links Configuring Load Balancing-Switching Hubs Backup Link ParametersParameter Description Support URL Select Technical Support 12.The Support 12-15 12-16 Managing Switches Displaying Switch StatusStatus Overview This chapter has information on Managing Switches Graph Area Port Status Alert Log Area Port Status settings are described in the following table Port Status Settings13-4 Switch Identity Information Identity Page for HP Switch 800T Configuring Switch Features Device View Device View for the HP Procurve Switch 2424M IP Configuration Characteristics of Bootp and Dhcp Help for that device 13-9 Class of Service Port Settings13-10 Using VLANs to Maximize the CoS Benefit Is, CoS enables you toWhen it is received on the switch 13-11 Definitions Basic Operation13-12 Default Vlan as a tagged Vlan QoS Setting Outbound Port Queue OperationCoS Priority Switch Queues Criteria for Prioritizing Outbound PacketsPriority Mapping Table Tagged Vlan TopTools Steps for Configuring CoS Priority Guidelines for Configuring CoS PrioritiesPriority Criteria and Precedence Assigning a Monitoring Port 13-16 Setting Device Features Monitoring Selected Ports on a Switch HP Procurve Stack Management 11.Configuration Page for HP 8000M as Commander of a Stack Vlan Configuration Stack Management with VLANsBenefits of Stack Management Enabling VLANs Adding a VlanRenaming a Vlan Removing a Vlan Modifying Port Vlan Configuration Enabling Gvrp SecurityConfirm removal of the Vlan Support/Management URLs Support URL13-23 Management Server URL 13-24 Setting Up Security for a Device Device Passwords Manager/Operator Password Combinations Setting Up Security for a Device Password Settings Passwords Read Write Results ProtectedFunction of Community Names Set Snmp Community Names Configuring for Community Names Select the Additional Devices tabRun Discovery again This improves the Discovery process Hub Port Security Address Selection Send Alarm Authorized AddressEavesdrop Prevention Setting Security Policy for Selected Ports Disable Port14-9 Setting the Security Policy for Selected Ports Hub Intrusion Log Switch Port Security Basic Operation Configuring Port Security-Planning Port Security Control Parameters Learn Mode 14-13 Configuring Authorized IP Managers 14-14 Access Levels Overview of IP Mask OperationDefining Authorized Management Stations 14-15 Configuring Port Security Enter an Authorized Manager IP address Port Security Overview Switch Intrusion Log Select Yes to Prevent EavesdroppingClick on the Apply Changes button 10.Security Violation Entries in the Alert Log Keeping the Intrusion Log Current by Resetting Flags Operating Notes for Port SecurityIdentifying the IP Address of an Intruder How the Intrusion Log Operates Proxy Web Servers Security Violations 14-22 Performing Diagnostics Performing a Ping/Link Test Rebooting a Device Performing Diagnostics Resetting a Hub to Factory Default Settings Device Reboot Resetting a Switch 15-4 Producing a Configuration Report 15-5 15-6 Software Update Utility HP Procurve Switches HP Procurve Hubs Other HP SwitchesDownloading Software Starting the Software Update Utility Actions button and select Update FirmwareDownloading Software Obtaining the Software from the Web 16-3 Software updates are downloaded to Accepting the Licensing Agreement Scheduling the Software Update 16-5 Downloading Software Alert Log Showing Successful Software Update HP Download Manager Obtaining New Software from HPDevice types Download Control Time, and click OK Make sure you leave the CD in the drive How to Update the Map Files New software version data16-11 16-12 Appendix a Agent Firmware VersionsVerifying Device Agent Versions Appendix a contains the following topics Preparing Network Devices Device Network AddressesIPX Networks IP Networks Configuring IP Parameters Globally Assigned IP Network Addresses T e Network Bootp Server Appendix a Index Index-1 Index-2 Index-3 Full Network button … Index-4 Index-5 Index-6 Index-7 Undo Last Load Balancing … 12-13 Update Discovery … Index-8