Symbols
- 802.1X access control
-
- authenticate users, 802.1X port-based access control
- authentication
-
- local, Alternative to using a RADIUS server
- methods, User authentication methods
- user-based, 802.1X user-based access control
- authenticator
-
- operation, General 802.1X authenticator operation
- unblock port, 802.1X port-based access control
- blocked port
-
- trunked, General operating rules and notes
- control all clients, General operating rules and notes
- display, MAC authentication, Preparation for configuring MAC authentication
- hierarchy of precedence in authentication session, Precedence of client-based authentication: Dynamic Configuration Arbiter (DCA)
- meshing, not supported, General operating rules and notes
- multiple clients, same VLAN, 802.1X user-based access control
- open port, User authentication methods
- password for port-access, Saving security credentials in a config file
- port-based
-
- client without authentication, 802.1X port-based access control
- latest client, effect, 802.1X port-based access control
- multiple client access, 802.1X port-based access control
- multiple clients authenticating, 802.1X port-based access control
- operation, 802.1X port-based access control
- recommended use, 802.1X port-based access control
- single client authenticates, 802.1X port-based access control
- tagged VLAN membership, 802.1X port-based access control
- unauthorized client risk, 802.1X port-based access control
- untagged VLAN membership, 802.1X port-based access control
- Web/MAC authentication, 802.1X port-based access control
- port-based effect of Web/MAC auth operation, General operating rules and notes
- port-security use, 802.1X port-based access control
- priority of VLAN
-
- per-port, VLAN membership priority
- rules of operation, General operating rules and notes
- security credentials saved to configuration file, Restrictions on enabling security credentials
- trunked port blocked, General operating rules and notes
- user-based
-
- access, 802.1X user-based access control
- authentication, Example of the authentication process
- client authentication, 802.1X user-based access control
- client limit, 802.1X user-based access control
- limit, User authentication methods
- tagged VLAN, 802.1X user-based access control
- Web/MAC authenticated clients, 802.1X user-based access control
- VLAN
-
- membership priority, VLAN membership priority
- VLAN, assignment conflict, VLAN assignment in an authentication session, General operating rules and notes
- Web/MAC auth effect, General operating rules and notes
A
- AAA, Overview
- aaa authentication
-
- chap-radius, Configuring authentication for the access methods that RADIUS protects
- peap-mschapv2, Configuring authentication for the access methods that RADIUS protects
- privilege-mode
-
- privilege-mode single sign-on, Using the privilege-mode option for login
- TACACS
-
- TACACS+ server, Configuring TACACS+ on the switch
- ACL
-
- display
-
- content of an ACL, Viewing the content of a specific ACL
- extended
-
- configuring, Configuring numbered, extended ACLs
- extended numbered
-
- configure, Creating or adding to an extended, numbered ACL
- IPv4
-
- applications, Static ACLs
- defined, IPv4 Access Control Lists (ACLs)
- security use, IPv4 Access Control Lists (ACLs)
- static
-
- defined, Static ACLs
- statistics counters
-
- ACE, IPv4, Monitoring static ACL performance
- ACL, IPv4
-
- 802.1X client limit, 802.1X user-based and port-based applications
- 802.1X effect, 802.1X user-based and port-based applications
- ACE
-
- after match not used, Guidelines for planning the structure of a static ACL, The sequence of entries in an ACL is significant
- insert in list, Inserting an ACE in an existing ACL
- order in list, Guidelines for planning the structure of a static ACL
- ACE limit, IPv4 ACL configuration and operating rules
- ACE not used, Implicit Deny
- application points, General steps for planning and configuring ACLs, IPv4 traffic management and improved network performance
- applications, Dynamic port ACLs, ACL applications, General steps for planning and configuring ACLs, General steps for implementing ACLs
- assign nonexistent i.d., You can assign an ACL name or number to an interface even if the ACL does not exist in the switch configuration
- assigning to a VLAN, A configured ACL has no effect until you apply it to an interface, Filtering inbound IPv4 traffic per port
- basic structure, ACL configuration structure
- caution
-
- security use, Security
- character limit, Configuring standard ACLs
- CIDR
-
- mask, Using CIDR notation to enter the IPv4 ACL mask
- mask bits, IP address, Configuring ACEs in a named, standard ACL, Creating numbered, standard ACLs
- Command syntax, Entering the IPv4 named ACL context
- comparison operator, Including options for TCP and UDP traffic in extended ACLs
- configured but not used, A configured ACL has no effect until you apply it to an interface
- configuring
-
- general steps, General steps for planning and configuring ACLs
- copy operation appends, Creating or editing an ACL offline
- deleting from config, Deleting an ACL
- deny any
-
- implicit, Features common to all ACL applications
- deny any, implicit, Implicit Deny
- display
-
- ACLs and assignments, Viewing all ACLs and their assignments in the routing switch startup-config and running-config files
- assignments, Viewing the VACL assignments for a VLAN
- configuration details, Viewing the content of all ACLs on the switch
- display summary
-
- configured ACLs, Viewing an ACL summary
- dynamic port join, IPv4 ACL configuration and operating rules
- dynamic port joins to a VLAN, IPv4 ACL configuration and operating rules
- editing, Editing an existing ACL
- end, Effect of the above ACL on inbound IPv4 traffic in the assigned VLAN
- established, Options for permit/deny policies, Including options for TCP and UDP traffic in extended ACLs
- exit statement, Effect of the above ACL on inbound IPv4 traffic in the assigned VLAN
- extended
-
- configuring, Configuring extended ACLs
- defined, Options for permit/deny policies
- use, Extended ACL
- extended numeric I.D. range, Options for permit/deny policies
- extended protocol options, Options for permit/deny policies
- extended structure, Extended ACL configuration structure
- features
-
- common to all, Features common to all ACL applications
- filtering methods, ACL applications
- filtering process, Guidelines for planning the structure of a static ACL
- host option, Example of allowing only one IPv4 address ("host" option)
- ICMP
-
- code, Controlling ICMP traffic flow
- configure, Controlling ICMP traffic flow
- type, Controlling ICMP traffic flow
- ICMP options, Controlling ICMP traffic flow
- ICMP traffic, General steps for planning and configuring ACLs
- IGMP
-
- type, Controlling IGMP traffic flow
- IGMP traffic, General steps for planning and configuring ACLs
- implicit deny, Features common to all ACL applications, ACL configuration structure, Allowing for the Implied Deny function
- implicit deny any, IPv4 traffic management and improved network performance, Guidelines for planning the structure of a static ACL, IPv4 ACL configuration and operating rules
- implicit deny, permit any
-
- supersede, ACL configuration structure
- limit, Monitoring shared resources, Configuring extended ACLs
- logging, Features common to all ACL applications, Configuring ACEs in a named, standard ACL
- logging session, Features common to all ACL applications
- mask, Features common to all ACL applications, Rules for defining a match between a packet and an ACE, Configuring ACEs in a named, standard ACL
-
- CIDR, Using CIDR notation to enter the IPv4 ACL mask
- one IP address, Example of allowing only one IPv4 address ("host" option)
- match
-
- example, Example of how the mask bit settings define a match
- match always, Allowing for the Implied Deny function
- match criteria, Rules for defining a match between a packet and an ACE
- match ignored, Guidelines for planning the structure of a static ACL
- maximum allowed, IPv4 ACL configuration and operating rules
- monitoring, Monitoring static ACL performance
- multiple ACLs on interface, Multiple ACLs on an interface
- multiple applications, Multiple ACLs on an interface
- multiple on same interface, Multiple ACLs on an interface
- name or number assignment, You can assign an ACL name or number to an interface even if the ACL does not exist in the switch configuration
- name string
-
- maximum characters, Options for permit/deny policies
- named character, Configuring standard ACLs
- named rule, Inserting or adding an ACE to an ACL
- non-IPv4 traffic
-
- IPv6, AppleTalk, IPX, Security
- number of entries, Features common to all ACL applications
- numbered
-
- manage as named, Configuring standard ACLs
- numbered rule, Inserting or adding an ACE to an ACL
- numbered, standard
-
- configuring, Creating numbered, standard ACLs
- offline
-
- configuring, Features common to all ACL applications
- override implicit deny, Implicit Deny
- permit
-
- multiple ACLs, Multiple ACLs on an interface
- permit any forwarding, Guidelines for planning the structure of a static ACL
- permit/deny policies
-
- defined, Options for permit/deny policies
- planning, Planning an ACL application
-
- general steps, General steps for planning and configuring ACLs
- policies, Planning an ACL application
- policy
-
- permit/deny, Options for permit/deny policies
- policy application points, IPv4 Access Control Lists (ACLs)
- policy type, ACL configuration structure
- port ACL operation defined, ACL applications
- port added to trunk, IPv4 ACL configuration and operating rules
- port removed from trunk, IPv4 ACL configuration and operating rules
- port-based 802.1X, 802.1X user-based and port-based applications
- port-based security, 802.1X user-based and port-based applications
- ports affected, IPv4 ACL configuration and operating rules
- precedence, General steps for planning and configuring ACLs
- purpose, IPv4 Access Control Lists (ACLs)
- RADIUS server support, RADIUS services supported on the switch
- RADIUS-assigned, RADIUS-assigned (dynamic) port ACL applications
- RADIUS-assigned ACL application, Static port ACL and RADIUS-assigned ACL applications
- RADIUS-assigned, implicit deny, How a RADIUS server applies a RADIUS-assigned ACL to a client on a switch port
- RADIUS-assigned, limit, Monitoring shared resources
- remark
-
- remove from an ACE, Removing a remark from an existing ACE
- removing from a VLAN, Filtering inbound IPv4 traffic per port
- replacing, IPv4 ACL configuration and operating rules
- resequence, Creating or adding to an extended, numbered ACL
- rules
-
- configuration, IPv4 ACL configuration and operating rules
- operation, IPv4 ACL configuration and operating rules
- scalability, Monitoring shared resources
- security use, Security
- sequence number, Sequence numbering in ACLs
-
- interval, Creating or adding to an extended, numbered ACL
- out-of-range, Inserting an ACE in an existing ACL
- use to delete ACE, Deleting an ACE from an existing ACL
- use to insert ACE, Inserting an ACE in an existing ACL
- standard
-
- example, Creating and viewing a standard ACL
- numbered, Creating numbered, standard ACLs
- use, Standard ACL
- standard configuration, Configuring standard ACLs
- standard defined, Options for permit/deny policies
- standard name
-
- configure, Configuring ACEs in a named, standard ACL
- standard numeric I.D. range, Options for permit/deny policies
- standard structure, Standard ACL structure
- standard use, Configuring standard ACLs
- static port, IPv4 ACL configuration and operating rules
- static port ACL
-
- application, Static port ACL and RADIUS-assigned ACL applications
- static VLAN requirement, IPv4 ACL configuration and operating rules
- supernetting, Rules for defining a match between a packet and an ACE
- supersede
-
- implicit deny, permit any, ACL configuration structure
- Syslog, Features common to all ACL applications
- TCP control bits, Options for permit/deny policies, Configuring extended ACLs
- TCP or UDP port number
-
- IANA, Including options for TCP and UDP traffic in extended ACLs
- TCP, established, Options for permit/deny policies
- TCP/UDP operators , Including options for TCP and UDP traffic in extended ACLs
- TCP/UDP, port names, Including options for TCP and UDP traffic in extended ACLs
- ToS setting, General steps for planning and configuring ACLs
- traffic
-
- types filtered, IPv4 Access Control Lists (ACLs)
- traffic types filtered, IPv4 traffic management and improved network performance
- troubleshooting, Monitoring static ACL performance
- troubleshooting client authentication, Operating rules for RADIUS-assigned ACLs
- trunk
-
- adding port, IPv4 ACL configuration and operating rules
- port added or removed, IPv4 ACL configuration and operating rules
- type, Effect of the above ACL on inbound IPv4 traffic in the assigned VLAN, Configuring standard ACLs, Inserting an ACE in an existing ACL, Viewing the VACL assignments for a VLAN
- user-based 802.1X, 802.1X user-based and port-based applications
- user-based security, 802.1X user-based and port-based applications
- VACL applications, VACL applications
- VLAN, Static ACLs
- wildcard, Rules for defining a match between a packet and an ACE, How the mask defines a match
- ACL, IPv4, IPv6
-
- maximum allowed, Configuring standard ACLs
- ACL, IPv6
-
- display
-
- assignments, Viewing static port (and trunk) ACL assignments
- implicit IPv6 deny, IPv4-only rule, How a RADIUS server applies a RADIUS-assigned ACL to a client on a switch port
- IPv6 traffic implicitly denied, How a RADIUS server applies a RADIUS-assigned ACL to a client on a switch port
- limit, Monitoring shared resources
- RADIUS server support, RADIUS services supported on the switch
- RADIUS-assigned, implicit deny, How a RADIUS server applies a RADIUS-assigned ACL to a client on a switch port
- RADIUS-assigned, limit, Monitoring shared resources
- scalability, Monitoring shared resources
- troubleshooting client authentication, Operating rules for RADIUS-assigned ACLs
- type, Viewing static port (and trunk) ACL assignments
- ACLs
-
- contrasting dynamic and static, Contrasting RADIUS-assigned and static ACLs
- address
-
- authorized for port security, Basic operation
- alarms
-
- prior to, "Prior to" entries in the Intrusion Log
- authentication
-
- concurrent web-based/MAC, Concurrent web-based and MAC authentication
- DCA-applied parameters to non-authenticated client sessions, Precedence of client-based authentication: Dynamic Configuration Arbiter (DCA)
- MAC, Web and MAC Authentication
- NIM override, HP E-Network Immunity manager (NIM)
- RADIUS override, Arbitrating client-specific attributes, Viewing the currently active per-port CoS and rate-limiting configuration
- RADIUS server groups, Using multiple RADIUS server groups
- web-based, Web and MAC Authentication
- authentication session
-
- client-specific configuration applied with DCA, Precedence of client-based authentication: Dynamic Configuration Arbiter (DCA)
- authorized
-
- option for authentication, Configuring authentication for the access methods that RADIUS protects
- authorized addresses
-
- for IP management security, Defining authorized management stations
- for port security, Basic operation
- authorized IP managers
-
- building IP masks, Building IP Masks, Configuring multiple stations per Authorized manager IP entry
- configuring in console, Viewing and configuring IP Authorized managers (Menu)
- definitions of single and multiple, Defining authorized management stations
- duplicate IP address
-
- effect on authorized IP managers, Operating notes
- effect of duplicate IP addresses, Operating notes
- IP mask for single station, Configuring one station per Authorized manager IP entry
- IP mask operation, Overview of IP mask operation
- operating notes, Operating notes
- overview, Using Authorized IP Managers
- troubleshooting, Operating notes
- autorun
-
- autorun-key, Configuring the switch for SSH operation
C
- chap-radius
-
- CHAP, Configuring authentication for the access methods that RADIUS protects
- Clear button
-
- to delete password protection, Recovering from a lost manager password
- Command Syntax
-
- clear crypto client-public-key, Remove the client public keys from configuration
- crypto key generate autorun-key, Install authentication files
- crypto key generate ssh, Install authentication files
- crypto key zeroize , Remove authentication files
- crypto pki clear crl, Clear CRL
- crypto pki create-csr certificate-name, Create a certificate signing request
- crypto pki enroll-self-signed certificate-name, Create and enroll a self-signed certificate
- crypto pki ta-profile crl-root-profile ta-profile-name, Set TA profile to validate CRL and OCSP
- crypto pki ta-profile ocsp-root-profile ta-profile-name, Set TA profile to validate CRL and OCSP
- crypto pki ta-profile retrieve-crl, Retrieve CRL
- crypto pki ta-profile revocation-check crl, Configure CRL for revocation check
- crypto pki ta-profile revocation-check ocsp, Configure OCSP for revocation check
- crypto SuiteB-MinLoS tls, Configure or remove the minimum levels of security minLos for TLS
- ip source-binding, For IPv4
- ip source-lockdown, IPv4
- ip source-locksown, For IPv4
- no crypto SuiteB-MinLoS tls, Configure or remove the minimum levels of security minLos for TLS
- show, For IPv4
- show ip source-lockdown, For IPv4
- Command syntax
-
- aaa accounting, Command to enable accounting, Configuring the primary password authentication method for port-access, MAC-based, and web-based access, Accounting controls
- aaa accounting network, Command to enable accounting
- aaa accounting session-id, Reconfiguring the Acct-Session-ID operation (optional)
- aaa accounting suppress null-username, Configuring session blocking and interim updating options (optional)
- aaa accounting update periodic, Configuring session blocking and interim updating options (optional)
- aaa authentication, Selecting the access method for configuration, Configuring authentication for the access methods that RADIUS protects, Configuring the primary password authentication method for console, Telnet, SSH and WebAgent, Configuring the primary password authentication method for port-access, MAC-based, and web-based access
- aaa authentication local-user, Configuring a local user for a group
- aaa authentication login privilege-mode, Enabling manager access privilege (optional)
- aaa authentication num-attempts, Configuring the switch global RADIUS parameters
- aaa authentication port-access, Configure the 802.1X authentication method, Configuring general 802.1X operation
- aaa authentication ssh enable, Configuring the switch for SSH operation
- aaa authentication ssh login, Configuring the switch for SSH operation
- aaa authentication ssh login public-key none, Enabling client public-key authentication
- aaa authorization, Enabling authorization
- aaa authorization commands, Command to enable authorization, Command to enable authorization
- aaa authorization commands access-level, Command to enable authorization, Command to enable authorization
- aaa authorization group, Configuring groups for local authorization
- aaa port-access, Configuring mixed port access mode
-
- controlled-direction, Controlled directions
- aaa port-access authenticator, Specify user-based authentication or return to port-based authentication, Reconfigure settings for port-access, Reset authenticator operation (optional), Configuring general 802.1X operation, Configuring 802.1X Open VLAN mode, Configure the port access type
- aaa port-access authenticator active, Enable 802.1X authentication on the switch, Configuring general 802.1X operation
- aaa port-access gvrp-vlans, Enabling the use of GVRP-learned dynamic VLANs in authentication sessions
- aaa port-access mac-based, Enabling/disabling MAC authentication
-
- addr-limit, Specifying the maximum number of authenticated MACs allowed on a port
- addr-moves, Allowing addresses to move without re-authentication
- auth-vid, Specifying the VLAN for an authorized client
- logoff-period, Specifying the time period enforced for implicit logoff
- max-requests, Specifying how many authentication attempts can time-out before failure
- quite-period, Specifying how long the switch waits before processing a request from a MAC address that failed authentication
- reauth-period, Specifying time period enforced on a client to re-authenticate
- reauthenticate, Forcing re-authentication of clients
- server-timeout, Specifying how long the switch waits for a server response
- unauth-period, Setting the period of time the switch waits before moving the port to the VLAN for unauthenticated clients
- unauth-vid, Specifying the VLAN to use when authentication fails
- aaa port-access mac-based addr-format, Configuring a MAC-based address format
- aaa port-access mac-based password, Configuring the global MAC authentication password
- aaa port-access reauthenticate, Forcing reauthentication
- aaa port-access supplicant, Enabling a switch port as a supplicant, Configuring a supplicant switch port
- aaa port-access web-based, Disable web-based authentication, Specifying the VLAN, Maximum authenticated clients, Specifies base address, Specifies lease length, Specifying the period, Specifying the number of authentication attempts, Specifying maximum retries, Specifying the time period, Specifying the re-authentication period
-
- access-denied-message, Configuring custom messages for failed logins
- aaa server-group radius, Connecting a RADIUS server with a server group
- access list, Controlling ICMP traffic flow
- access-list, Displaying the current RADIUS-assigned ACL activity on the switch, Creating numbered, standard ACLs, Controlling TCP and UDP traffic flow, Controlling IGMP traffic flow
- access-list remark, Attaching a remark to an ACE
- arp-protect trust, Configuring trusted ports
- arp-protect validate, Configuring additional validation checks on ARP packets
- arp-protect vlan, Enabling dynamic ARP protection
- authentication, Selecting the access method for configuration
- authenticator, Configuring the switch to support RADIUS-assigned ACLs, Displaying the current RADIUS-assigned ACL activity on the switch
- authenticator clients, Viewing the currently active per-port CoS and rate-limiting configuration
- clear crypto public-key, Replacing or clearing the public-key file
- clear crypto public-key 3, Replacing or clearing the public-key file
- clear intrusion-flags, Checking for intrusions, listing intrusion alerts, and resetting alert flags (CLI)
- clear security-log , Security user commands
- config, Removal of certificates/CSRs
- console max-sessions, For non-stackable switches, For stackable switches, For non-stackable switches, For stackable switches, Configuring concurrent sessions per user
- copy
-
- pub-key-file, Creating a client public-key text file
- copy security-log , Security user commands
- copy sftp local-certificate, File transfer, Loading a local certificate
- copy sftp ssh-client-key, Copying client key files
- copy sftp ssh-client-known-hosts, Replacing or appending the ssh-client-known-hosts file
- copy sftp ta-certificate, File transfer
- copy ssh-client-known-hosts sftp, Copying the SSH client known hosts file to another location
- copy ssh-client-known-hosts tftp, Copying the SSH client known hosts file to another location
- copy ssh-client-known-hosts usb, Copying the SSH client known hosts file to another location
- copy ssh-client-known-hosts xmodem, Copying the SSH client known hosts file to another location
- copy ssh-server-pub-key tftp, Copying the host public key
- copy ssh-server-pub-key usb, Copying the host public key
- copy ssh-server-pub-key xmodem, Copying the host public key
- copy tftp local-certificate, File transfer, Loading a local certificate
- copy tftp ssh-client-key, Copying client key files
- copy tftp ssh-client-known-hosts, Replacing or appending the ssh-client-known-hosts file
- copy tftp ta-certificate, File transfer
- copy usb ssh-client-key, Copying client key files
- copy usb ssh-client-known-hosts, Replacing or appending the ssh-client-known-hosts file
- copy xmodem ssh-client-key, Copying client key files
- copy xmodem ssh-client-known-hosts, Replacing or appending the ssh-client-known-hosts file
- crypto key generate, Configuring the switch for SSH operation
- crypto key generate cert rsa bits, CLI commands used to generate a server host certificate
- crypto key generate ssh, Configuring the switch for SSH operation
- crypto key zeroize cert, CLI commands used to generate a server host certificate
- crypto key zeroize ssh-client-key, Removing the SSH client key pair
- crypto key zeroize ssh-client-known-hosts, Removing the SSH client known hosts file
- crypto pki, Switch identity profile
- crypto pki clear certificate-name, Removal of certificates/CSRs
- crypto pki create-csr, Local certificate enrollment – manual mode
- crypto pki create-self-signed certificate-name, Self-signed certificate
- crypto pki enroll-self-signed, Self-signed certificate enrollment
- crypto pki install-signed-certificate, Local certificate enrollment – manual mode
- crypto pki ta-profile, Trust anchor profile
- crypto pki zeroize, Zeroization
- debug dynamic-ip-lockdown, Debugging dynamic IP lockdown
- debug security, Debug logging
- debug security dhcp-snooping, Enabling debug logging
- dhcp-snooping, Enabling DHCP snooping, DHCPv4 snooping max-binding
- dhcp-snooping database, DHCP binding database
- dhcp-snooping option 82, Using DHCP snooping with option 82
- display pki certificate, Display PKI certificate
- encrypt-credentials, Enabling encrypt-credentials
- filter, Configuring a source-port traffic filter, Configuring a multicast or protocol traffic filter
- filter source-port named-filter, Defining and configuring named source-port filters
- front-panel-security factory-reset, Changing the operation Reset+Clear combination
- front-panel-security password-clear, Disabling the clear password function of the Clear button
- front-panel-security password-clear reset-on-clear, Re-enabling the Clear button and setting or changing the ‘reset-on-clear’ operation
- front-panel-security password-recovery, Disabling or re-enabling the password recovery process
- host, Device running a TACACS+ server application
- include-credentials, Enabling the storage and display of security credentials, The include-credentials radius-tacacs-only option, Displaying the status of include-credentials
- instrumentation monitor, Configuring instrumentation monitor
- interface ip access-group, Filtering inbound IPv4 traffic per port
- ip access-list, Rules for defining a match between a packet and an ACE, Entering the IPv4 named ACL context, Configuring ACEs in a named, standard ACL, Deleting an ACL, Inserting an ACE in an existing ACL, Deleting an ACE from an existing ACL
- ip access-list extended, Configuring named, extended ACLs, Deleting an ACL
- ip access-list resequence, Resequencing the ACEs in an ACL
- ip access-list standard, Deleting an ACL
- ip authorized-managers, Configuring IP Authorized managers for the switch (CLI)
- ip source-binding, Adding a static binding
- ip ssh, SSH client public-key authentication, Configuring the switch for SSH operation
- ipv6 authorized-managers, Configuring IP Authorized managers for the switch (CLI)
- key, Optional, global "encryption key"
- key chain, Assigning a time-independent key to a chain, Assigning time-dependent keys to a chain
- key-chain, Creating and deleting key chain entries
- keysize, Configuring the switch for SSH operation
- lockout-mac, MAC Lockout
- log, Using the Event Log to find intrusion alerts (CLI)
- mac-based, Configuring the switch to support RADIUS-assigned ACLs, Displaying the current RADIUS-assigned ACL activity on the switch
- max-bindings, DHCPv4 snooping max-binding
- nacl, Configuring ACEs in a named, standard ACL
- no aaa port-access authenticator, Configure the port access type
- num-attempts, Selecting the access method for configuration
- password, Setting passwords and usernames (CLI), Removing password protection, Password command options, Configuring the switch for SSH operation
- password all, Removing password protection
- password port-access, General setup procedure for 802.1X access control
- port security, Configuring port security
- port-access, Configuring the switch to support RADIUS-assigned ACLs, Viewing the currently active per-port CoS and rate-limiting configuration, Displaying the current RADIUS-assigned ACL activity on the switch
- port-access authenticator, Enable the selected ports as authenticators and enable the (default) port-based authentication
- port-security
-
- clear-intrusion-flag, Checking for intrusions, listing intrusion alerts, and resetting alert flags (CLI)
- port-security eavesdrop-prevention, Feature interactions when Eavesdrop Prevention is disabled
- pub-key-file, Configuring the switch for SSH operation
- public-key, SSH client public-key authentication
- radius, Displaying the current RADIUS-assigned ACL activity on the switch
- radius host, Enter the RADIUS host IP address(es), Configuring general 802.1X operation
- radius-server, Configuring the switch to access a RADIUS server
- radius-server host, Configuring the switch to access a RADIUS server, Configuring the switch to access a RADIUS server, Connecting a RADIUS server with a server group, Configuring a switch to access a RADIUS server, Configuring the switch to support RADIUS-assigned ACLs
- radius-server key, Enter the RADIUS host IP address(es), Configuring general 802.1X operation
- rate-limit, Viewing CLI-configured rate-limiting and port priority for ports
- Show, DHCPv4 snooping max-binding
- show, Viewing the currently active per-port CoS and rate-limiting configuration, Viewing CLI-configured rate-limiting and port priority for ports, Displaying the current RADIUS-assigned ACL activity on the switch
- show access-list, Viewing an ACL summary, Viewing the content of a specific ACL
- show access-list config, Viewing the content of all ACLs on the switch
- show access-list ports, Viewing static port (and trunk) ACL assignments
- show access-list radius, show access-list radius, show access-list (NAS rule) and (filter-id)
- show access-list vlan, Viewing the VACL assignments for a VLAN
- show accounting, RADIUS accounting statistics
- show accounting sessions, Show accounting sessions, RADIUS accounting statistics
- show authentication, Viewing the current authentication configuration, RADIUS authentication statistics
- show authorization, Viewing authorization information
- show authorization group, Show all authorization configurations, Displaying command authorization information
- show authorization sessions, Show all accounting configurations
- show crypto client-public-key, Creating a client public-key text file
- show crypto pki, Certificate details
- show crypto pki local-certificate, Certificate specific
- show crypto pki ta-profile, Show profile specific, Show details of TA profile
- show dhcp-snooping binding, DHCP binding database
- show filter, Displaying traffic/security filters
- show filter source-port, Viewing a named source-port filter
- show front-panel-security, Configuring front panel security
- show interfaces brief, Checking for intrusions, listing intrusion alerts, and resetting alert flags (CLI)
- show key chain, Assigning time-dependent keys to a chain
- show key-chain, Creating and deleting key chain entries, Assigning a time-independent key to a chain
- show mac-address, Listing authorized and detected MAC addresses
- show port-access authenticator, Show commands for port-access authenticator
- show port-access authenticator clients, Show commands for port-access authenticator
- show port-access authenticator config, Show commands for port-access authenticator
- show port-access authenticator session-counters, Show commands for port-access authenticator
- show port-access authenticator statistics, Show commands for port-access authenticator
- show port-access authenticator vlan, Show commands for port-access authenticator
- show port-access mac-based, Viewing the show commands for MAC authentication
- show port-access mac-based clients, Viewing session information for MAC authenticated clients on a switch
- show port-access mac-based clients detailed, Viewing detail on status of MAC authenticated client sessions
- show port-access mac-based config, Viewing MAC authentication settings on ports
- show port-access mac-based config auth-server, Viewing MAC Authentication settings including RADIUS server-specific
- show port-access mac-based config detailed, Viewing details of MAC Authentication settings on ports
- show port-access summary, Viewing port-access information
- show port-access supplicant, Show commands for port-access supplicant
- show port-access web-based, Show commands for web-based authentication
- show port-access web-based clients, Show commands for web-based authentication
- show port-access web-based config, Show commands for web-based authentication
- show port-security, Displaying port security settings
- show port-security intrusion-log, Checking for intrusions, listing intrusion alerts, and resetting alert flags (CLI)
- show radius, General RADIUS statistics
- show radius accounting, RADIUS accounting statistics
- show radius authentication, RADIUS authentication statistics
- show running config, show access-list radius
- show security-log , Security user commands
- show server-group radius, Viewing RADIUS server group information
- show session-list, Displaying open sessions
- show snmp-server, Viewing and changing the SNMP access configuration
- show tacacs, Viewing the current TACACS+ server contact configuration
- show tacacs host, Show TACACS+, Show TACACS+ host details
- show vlan, Viewing 802.1X Open VLAN mode status
- snmp-server mib hpswitchauthmib, Viewing and changing the SNMP access configuration
- ssh, Opening a secure session to an HP switch
- ssh-server-pub-key sftp, Copying the host public key
- static mac, MAC Lockdown
- tacacs timeout, Specifying how long the switch waits for a TACACS+ server to respond to an authentication request
- tacacs-server dead-time, Command to configure dead time
- tacacs-server host, Configuring the switch TACACS+ server access
- tacacs-server host key, Configuring TACACS+ server
- tftp, Configuring the switch for SSH operation
- vlan
-
- ip access-group, VACL applications
- vlan ip access-group, Filtering IPv4 traffic inbound on a VLAN
- web-based, Configuring the switch to support RADIUS-assigned ACLs, Viewing the currently active per-port CoS and rate-limiting configuration
- web-management ssl, Using the CLI interface to enable SSL
- config file, Security settings that can be saved
- configuration
-
- access method, Selecting the access method for configuration
- password security, Configuring Username and Password Security
- port security, Planning port security
- saving security credentials in multiple files, Operating notes
- username and password security, Configuring Username and Password Security
- username security, Configuring Username and Password Security
- Configuration support
-
- Suite B, Configuration support
- configuring
-
- local password security, Configuring local password security
- password security, Configuring password security
- RADIUS server, Configuring the switch to access a RADIUS server
- web-based authentication, Configuring web-based authentication
- console
-
- access, Overview
- authorized IP managers, configuring, Viewing and configuring IP Authorized managers (Menu)
- console access
-
- manager, Overview
- operator, Overview
- contacting HP, Contacting HP
- conventions
-
- document, Typographic conventions
- text symbols, Typographic conventions
- CoS
-
- configuring for a RADIUS server
-
- Class of Service, RADIUS services supported on the switch
- override
-
- (CoS) Priority assignments per-user on traffic inbound to the switch, CoS and rate-limiting services
- RADIUS client, Viewing the currently active per-port CoS and rate-limiting configuration
- viewing per-port config, Viewing the currently active per-port CoS and rate-limiting configuration
- crypto
-
- babble, Configuring the switch for SSH operation
- fingerprint, Configuring the switch for SSH operation
D
- default configuration and security, Configuring security settings using the CLI wizard
- default settings
-
- 802.1X access control
-
- none, Access security and switch authentication features
- aaa authentication parameters, AAA authentication parameters
- ACLs
-
- none, Access security and switch authentication features
- authorized ip managers
-
- none, Access security and switch authentication features
- DHCP snooping
-
- none, Network security – default settings and security guidelines
- dyn-authorization
-
- disabled, Configuring the switch to access a RADIUS server
- dynamic arp protection
-
- none, Network security – default settings and security guidelines
- dynamic IP lockdown
-
- none, Network security – default settings and security guidelines
- factory reset
-
- enabled, Configuring front panel security
- front panel security, Configuring front panel security
- front-panel-security, Configuring front panel security
- ICMP rate-liming
-
- none, Network security – default settings and security guidelines
- key management system
-
- none, Network security – default settings and security guidelines
- MAC authentication
-
- disabled, Access security and switch authentication features
- MAC lockdown and lockout
-
- none, Network security – default settings and security guidelines
- manager password
-
- no password, Access security and switch authentication features
- password recovery
-
- enabled, Disabling or re-enabling the password recovery process
- passwords
-
- disabled, Configuring front panel security
- password recovery, enabled, Configuring front panel security
- password-clear, enabled, Disabling the clear password function of the Clear button
- port security
-
- none, Network security – default settings and security guidelines
- port security, off or 'continuous', Basic operation
- RADIUS
-
- global parameters, Configuring the switch for RADIUS authentication
- server key, null, Configuring the switch for RADIUS authentication
- RADIUS authentication
-
- disabled, Access security and switch authentication features
- secure management vlan
-
- disabled, Access security and switch authentication features
- security
-
- access security and authentication, Access security and switch authentication features
- network security, Network security – default settings and security guidelines
- SNMP
-
- public, unrestricted, Access security and switch authentication features
- SNMP access, SNMP security guidelines
- SNMP access to the security MIB, open, Using SNMP to view and configure switch authentication features
- spanning tree
-
- bpdu filtering, Network security – default settings and security guidelines
- bpdu protection, Network security – default settings and security guidelines
- none, Network security – default settings and security guidelines
- SSH
-
- disabled, Access security and switch authentication features
- SSL
-
- disabled, Access security and switch authentication features
- TACACS
-
- tacacs-server-timeout, 5 seconds, Configuring the timeout period
- TACACS+
-
- login attempts, 3, General authentication setup procedure
- TACACS+ authentication
-
- disabled, Access security and switch authentication features
- TACACS+ authentication configuration, Viewing the current authentication configuration
- TCP port number for SSH connections, 22, Configuring the switch for SSH operation
- Telnet access
-
- enabled, Access security and switch authentication features
- time-window, 300 seconds, Configuring the switch to access a RADIUS server
- traffic/security filters
-
- none, Network security – default settings and security guidelines
- UDP destination port for authentication, General RADIUS setup procedure
- usb autorun, disabled (if password), Network security – default settings and security guidelines
- usb autorun, enabled (if no password), Network security – default settings and security guidelines
- Web authentication
-
- disabled, Access security and switch authentication features
- Web-browser access
-
- enabled, Access security and switch authentication features
- deleting
-
- password protection, Deleting password protection
- DHCP-snooping max-bindings
-
- max-bindings, DHCPv4 snooping max-binding
- DHCPv4
-
- DHCP Snooping, DHCPv4 snooping max-binding
- document
-
- conventions, Typographic conventions
- documentation
-
- providing feedback on, Documentation feedback
- Dynamic Configuration Arbiter (DCA)
-
- applying settings to non-authenticated clients, Precedence of client-based authentication: Dynamic Configuration Arbiter (DCA)
- hierarchy of precedence in authentication sessions, Arbitrating client-specific attributes
- overview, Precedence of client-based authentication: Dynamic Configuration Arbiter (DCA)
- Dynamic port ACL, ACL applications
- Dynamic port ACLs, Dynamic port ACLs
E
- Eavesdrop Prevention, Eavesdrop Prevention
-
- configured mode, Learn – Effect
- continuous learn mode, Learn – Effect
- disabling, Disabling Eavesdrop Prevention
- interactions with learn modes, Feature interactions when Eavesdrop Prevention is disabled
- limited-continuous mode, Learn – Effect
- static mode, Learn – Effect
- Eavesdrop protection, Basic operation
- encryption key
-
- RADIUS, Saving security credentials in a config file
- TACACS, Saving security credentials in a config file
- Event Log
-
- intrusion alerts, Using the Event Log to find intrusion alerts (CLI)
I
- IANA, protocol numbers, Configuring ACEs in named, extended ACLs, Options for ICMP traffic in extended ACLs
- IDM, Optional HP PCM and IDM network management applications
-
- overview, HP PCM+ Identity-Driven manager (IDM)
- RADIUS-based security classifiers, HP PCM+ Identity-Driven manager (IDM)
- RADIUS-based sessions, Monitoring shared resources
- include-credentials
-
- displaying status, Displaying the status of include-credentials
- store-in-config, Enabling the storage and display of security credentials
- intrusion
-
- prior to, "Prior to" entries in the Intrusion Log
- intrusion alarms
-
- entries dropped from log, Alert flag status for entries forced off of the Intrusion Log
- Event Log, Using the Event Log to find intrusion alerts (CLI)
- Intrusion Log
-
- prior to, Checking for intrusions, listing intrusion alerts, and resetting alert flags (Menu), Checking for intrusions, listing intrusion alerts, and resetting alert flags (CLI)
- IP
-
- authorized IP managers, Using Authorized IP Managers
- reserved port numbers, Configuring the switch for SSH operation
- IP attribute
-
- RADIUS
-
- IP attribute, Accounting service types
- IP masks
-
- building, Building IP Masks, Configuring multiple stations per Authorized manager IP entry
- for single authorized manager station, Configuring one station per Authorized manager IP entry
- operation, Overview of IP mask operation
- IPv4
-
- ACL
-
- applications, Static ACLs
- defined, IPv4 Access Control Lists (ACLs)
- security use, IPv4 Access Control Lists (ACLs)
- static
-
- defined, Static ACLs
- IPv4, ACL
-
- vendor-specific attribute, Nas-Filter-Rule attribute options
- IPv6 ACL
-
- vendor-specific attribute, Nas-Filter-Rule attribute options
- IPv6, ACL
-
- vendor-specific attribute, Nas-Filter-Rule attribute options
K
- Key Management System
-
- overview, Overview
- KMS
-
- accept key time, Assigning time-dependent keys to a chain
- configuration, Configuring key chain management
- generating a key chain, Creating and deleting key chain entries
- key chain entry, Creating and deleting key chain entries
- key chain generation, Configuring key chain management
- overview, Overview
- send key time, Assigning time-dependent keys to a chain
- time protocol, Assigning time-dependent keys to a chain
- time-dependent key, Assigning time-dependent keys to a chain
- time-independent key
-
- assigning, Assigning a time-independent key to a chain
L
- LACP
-
- 802.1X not allowed, General operating rules and notes
- Local MAC Authentication, Possible scenarios for deployment
- Local MAC authentication
-
- Concepts, Concepts
- Configuration commands, Configuration commands, Per-port attributes, Configuration examples
- Configuration examples, Configuration examples, Configuration example 1, Configuration example 2, Configuration using mac-groups, Configuration without using mac-groups
- Configuration using MAC-groups, Configuration using mac-groups
- Configuration without MAC-groups, Configuration without using mac-groups
- Overview, Overview
- Per-port attributes, Per-port attributes
- Show commands, Show commands
M
- MAC authentication
-
- authenticator operation, How web-based and MAC authentication operate
- blocked traffic, Overview
- CHAP usage, Overview
- client status, Client status
- concurrent with web, Concurrent web-based and MAC authentication
- configuring a global password, Configuring the global MAC authentication password
- display all 802.1X, MAC authentication configuration, Preparation for configuring MAC authentication
- general setup, preparation, Preparation for configuring MAC authentication
- hierarchy of precedence in authentication session, Precedence of client-based authentication: Dynamic Configuration Arbiter (DCA)
- overview, Access security and switch authentication features
- prerequisites, Setup procedure for web-based/MAC authentication
- rules of operation, Operating rules and notes
- show status and configuration, Viewing the show commands for MAC authentication
- MAC lockout
-
- number of vlans, How MAC Lockout works
- manager password, Overview, Setting passwords (Menu), Deleting password protection
- MIB
-
- SNMP access, SNMP security guidelines
- SNMP access to authentication MIB, SNMP access to the authentication configuration MIB
P
- password
-
- 802.1X port-access, Saving security credentials in a config file
- browser/console access, Configuring password security
- case-sensitive, Setting passwords (Menu)
- caution, Configuring password security
- configuring manager and operator, Setting passwords and usernames (CLI)
- delete, Deleting password protection
- deleting with the Clear button, Recovering from a lost manager password
- downgrading software, Passwords implications when upgrading or downgrading software versions
- general rules, General rules for usernames and passwords
- length, Setting passwords (Menu), Username and password length
- locally configured, hierarchy of precedence in authentication session, Precedence of client-based authentication: Dynamic Configuration Arbiter (DCA)
- no switch access, Unable to use previous password
- operator only, caution, Configuring password security
- recover, Recovering from a lost manager password
- security
-
- configuring, Configuring password security
- SNMP configuration, Overview
- upgrading software, Passwords implications when upgrading or downgrading software versions
- password protection
-
- removing, Removing password protection
- password recovery, Disabling or re-enabling the password recovery process
- password security
-
- SSH password security
-
- password, Configuring the switch for SSH operation
- passwords
-
- clear password, enabled, Configuring front panel security
- default settings
-
- reset-on-clear disabled, Configuring front panel security
- manager and operator
-
- local, Local manager and operator passwords
- PCM, Optional HP PCM and IDM network management applications
- peap-mschapv2
-
- MSCHAPv2, Configuring authentication for the access methods that RADIUS protects
- plug-in
-
- HP PCM+, HP PCM+ Identity-Driven manager (IDM)
- port ACL
-
- ACL, IPv4, Static ACLs
- port security
-
- 802.1X, learn mode requirement, Configuring port security
- authorized address definition, Basic operation
- basic operation, Basic operation
- configuring, Planning port security
- Event Log, Using the Event Log to find intrusion alerts (CLI)
- notice of security violations, Notice of security violations
- operating notes, Operating notes for port security
- overview, Network security – default settings and security guidelines
- port-based access control, Configuring port security
- prior to, "Prior to" entries in the Intrusion Log
- proxy web server, Proxy Web servers
- port-based access control
-
- password, Saving security credentials in a config file
- port-security
-
- learn mode, Configuring port security
- privilege-mode option
-
- login, Using the privilege-mode option for login
- ProCurve manager
-
- port security alerts, Basic operation
- proxy
-
- web server, Proxy Web servers
R
- RADIUS
-
- accounting
-
- configuring, Configuring RADIUS accounting
- interim updating, Configuring session blocking and interim updating options (optional)
- session-blocking, Configuring session blocking and interim updating options (optional)
- accounting, configure server access, Configuring a switch to access a RADIUS server
- accounting, configure types on switch, Accounting controls
- accounting, exec, Accounting service types, Accounting service types to track
- accounting, network, Accounting service types to track
- accounting, operating rules, Operating rules for RADIUS accounting
- accounting, server failure, Operating rules for RADIUS accounting
- accounting, start-stop method, Accounting controls
- accounting, statistics terms, Values for show radius host output
- accounting, stop-only method, Accounting controls
- accounting, system, Accounting service types, Accounting service types to track
- administrative-user service-type value, Service-type value
- authentication
-
- local, Local authentication process (RADIUS)
- web, Authentication Services
- authentication limits, Dynamic removal of authentication limits
- authentication, authorized, Configuring authentication for the access methods that RADIUS protects
- authentication, WebAgent, Configuring authentication for the access methods that RADIUS protects
- authentication, webagent, Enabling manager access privilege (optional)
- authorization, Commands authorization
- change of authorization, Additional RADIUS attributes
- change-of-authorization attribute, Additional RADIUS attributes
- client CoS, Viewing the currently active per-port CoS and rate-limiting configuration
- client Rate-Limiting, Viewing the currently active per-port CoS and rate-limiting configuration
- commands authorization, Commands authorization
- commands, switch, Configuring the switch for RADIUS authentication
- configuring commands authorization, Configuring commands authorization on a RADIUS server
- configuring switch global parameters, Configuring the switch global RADIUS parameters
- CoS override, CoS and rate-limiting services
- default settings
-
- dyn-autz-port, Configuring the switch global RADIUS parameters
- radius-server dead-time, 0 minutes, Configuring the switch global RADIUS parameters
- radius-server retransmit, 3 seconds, Configuring the switch global RADIUS parameters
- radius-server timeout, 5 seconds, Configuring the switch global RADIUS parameters
- displaying group information, Viewing RADIUS server group information
- dynamic port access changes, Dynamic removal of authentication limits
- Egress-VLAN ID attribute, Tagged and untagged VLAN attributes
- Egress-VLAN-Name attribute, Tagged and untagged VLAN attributes
- HP-acct-terminate-cause attribute, Additional RADIUS attributes
- HP-Command-Exception, Using vendor specific attributes (VSAs)
- HP-command-string, Using vendor specific attributes (VSAs)
- IPv4 ACL, RADIUS services supported on the switch
- IPv6 ACL, RADIUS services supported on the switch
- login privilege-mode, application options, Enabling manager access privilege (optional)
- login-privilege mode, Enabling manager access privilege (optional)
- manager access denied, Service-type value
- manager access privilege, General RADIUS setup procedure, Enabling manager access privilege (optional)
- MD5, Switch operating rules for RADIUS
- MS-RAS-Vendor attribute, Additional RADIUS attributes
- multiple ACL application types in use, Effect of multiple ACL application types on an interface
- multiple server groups, Using multiple RADIUS server groups
- multiple servers, Configuring the switch global RADIUS parameters
- NAS-prompt-user service-type value, Service-type value
- network accounting, Accounting service types
- operating rules, switch, Switch operating rules for RADIUS
- override, precedence, multiple clients, Viewing the currently active per-port CoS and rate-limiting configuration
- rate-limiting configuration, Viewing the currently active per-port CoS and rate-limiting configuration
- security log access, Authentication and Authorization through RADIUS
- server access order, Operating rules for RADIUS accounting
- server access order, changing, Changing RADIUS-server access order
- server-group command, Connecting a RADIUS server with a server group, Configuring the primary password authentication method for console, Telnet, SSH and WebAgent
- service type value, General RADIUS setup procedure
- service-type value, Enabling manager access privilege (optional)
- service-type value, null, Enabling manager access privilege (optional)
- shared secret key, saving to configuration file, Saving security credentials in a config file
- show accounting, RADIUS accounting statistics
- show authentication
-
- authentication statistics, RADIUS authentication statistics
- statistics
-
- viewing, Viewing RADIUS statistics
- TLS, Switch operating rules for RADIUS
- Tunnel-Type attribute, Tagged and untagged VLAN attributes
- vendor specific attributes, Additional RADIUS attributes
- vendor-specific attributes, Using vendor specific attributes (VSAs)
- VSAs, Using vendor specific attributes (VSAs), Dynamic removal of authentication limits
- VSAs for client limit, Configuring the RADIUS VSAs
- web browser security not supported, General RADIUS setup procedure
- WebAgent access controls, Controlling WebAgent access when using TACACS+ authentication
- WebAgent security not supported, Controlling WebAgent access when using TACACS+ authentication
- RADIUS-assigned ACLs
-
- deny any, implicit, switched packets, The packet-filtering process
- deny in any ACL on an interface, Operating rules for RADIUS-assigned ACLs
- filters; enhancing network security, Traffic applications
- implicit deny, How a RADIUS server applies a RADIUS-assigned ACL to a client on a switch port
- multiple application types in use, Effect of multiple ACL application types on an interface
- multiple clients, access restriction, How a RADIUS server applies a RADIUS-assigned ACL to a client on a switch port
- multiple, on an interface, Operating rules for RADIUS-assigned ACLs
- resource monitor, Monitoring shared resources
- source routing, caution; source-routing, caution, Contrasting RADIUS-assigned and static ACLs
- standard attribute, Nas-Filter-Rule attribute options
- static ACLs
-
- contrasting, Contrasting RADIUS-assigned and static ACLs
- switched packets, The packet-filtering process
- vendor-specific attribute, Nas-Filter-Rule attribute options
- RADIUS-assigned ACLs;RADIUS
-
- ACL, Traffic applications
- rate-limiting
-
- RADIUS and CLI option, Per-port bandwidth override
- RADIUS egress, Egress (outbound) traffic
- RADIUS ingress, Ingress (inbound) traffic
- RADIUS server specified, Viewing the currently active per-port CoS and rate-limiting configuration
- RADIUS server support; RADIUS: rate-limiting, RADIUS services supported on the switch
- RADIUS-assigned
-
- increments, Applied rates for RADIUS-assigned rate limits
- RADIUS-assigned vs. applied, Applied rates for RADIUS-assigned rate limits
- RADIUS-assigned., Viewing the currently active per-port CoS and rate-limiting configuration
- removing
-
- password protection, Removing password protection
- Reset-on-clear
-
- disabled when saving security credentials to configuration file, Operating notes
- RFCs
-
- RFC 2548, Additional RADIUS attributes
- RFC 3580, Tagged and untagged VLAN attributes
- RFC 4675, Tagged and untagged VLAN attributes
- routing
-
- source-routing, caution, Contrasting RADIUS-assigned and static ACLs
S
- security
-
- authorized IP managers, Using Authorized IP Managers
- security credentials, Security settings that can be saved
-
- 802.1X credentials saved to configuration file, Restrictions on enabling security credentials
- copying configurations on the switch, Operating notes
- copying startup configuration, Operating notes
- disabling Reset-on-clear option, Operating notes
- downloading a configuration file, Operating notes
- downloading from a server, Benefits of saving security credentials
- SSH private keys not saved, Restrictions on enabling security credentials
- viewing in startup configuration, Operating notes
- when SNMPv3 credentials in downloaded file are not supported, Restrictions on enabling security credentials
- Security event log
-
- JITC, Security event log
- Security logs
-
- configuring concurrent sessions, Configuring concurrent sessions
- configuring concurrent sessions per user, Configuring concurrent sessions per user
- configuring non-stackable switches, For non-stackable switches, For non-stackable switches
- configuring stackable switches, For stackable switches, For stackable switches
- event-log wraps, Event log wrap
- failed login attempts delay, Failed login attempts delay
- restrictions, Restrictions
- security settings, Security settings that can be saved
- Security user
-
- commands, Security user commands
- creating, Creating a security user
- Security user log
-
- access, Security user log access
- security violations
-
- notices, Notice of security violations
- setting
-
- inactivity timer, Configuring password security
- shared secret key
-
- RADIUS, Saving security credentials in a config file
- TACACS, Saving security credentials in a config file
- SNMP
-
- password and username configuration, Overview
- SNMPv3
-
- security credentials not supported in downloaded file, Restrictions on enabling security credentials
- SSH
-
- authentication
-
- client public key, Client public-key authentication (login/operator level) with user password authentication (enable/manager level)
- user password, Client public-key authentication (login/operator level) with user password authentication (enable/manager level)
- caution, security, Configuring the switch for SSH operation
- CLI commands, Configuring the switch for SSH operation
- client
-
- copy client-known-hosts file, Copying the ssh-client-known-hosts file
- copy host public key, Copying the host public key
- copy private key, Copying client key files
- initiate session, Opening a secure session to an HP switch
- remove client key pair, Removing the SSH client key pair
- remove client known hosts file, Removing the SSH client known hosts file
- view open sessions, Displaying open sessions
- client behavior, Configuring the switch for SSH operation
- client public key
-
- clearing, Replacing or clearing the public-key file
- client public key, displaying, Creating a client public-key text file
- client public-key
-
- creating file, Creating a client public-key text file
- client public-key authentication, Configuring the switch for SSH operation
- configuring authentication, Configuring the switch for SSH operation
- configuring key lengths, Configuring the switch for SSH operation
- crypto key, Configuring the switch for SSH operation
- disabling, Configuring the switch for SSH operation
- enable, Configuring the switch for SSH operation
- enabling, Configuring the switch for SSH operation
- erase host key pair, Configuring the switch for SSH operation
- generate host key pair, Configuring the switch for SSH operation
- generating key pairs, Configuring the switch for SSH operation
- host key pair, Configuring the switch for SSH operation
- key
-
- babble, Configuring the switch for SSH operation
- fingerprint, Configuring the switch for SSH operation
- keys, zeroing, Configuring the switch for SSH operation
- keysize, Configuring the switch for SSH operation
- known-host file, Configuring the switch for SSH operation
- man-in-the-middle spoofing, Configuring the switch for SSH operation
- operating rules and notes, General operating rules and notes, General operating rules and notes
- password-only authentication, Configuring the switch for SSH operation
- passwords, assigning, Configuring the switch for SSH operation
- prerequisites, Prerequisite for using SSH
- private keys not saved to configuration file, Restrictions on enabling security credentials
- public key, Configuring the switch for SSH operation
- public key formats, Public key formats
- public key, displaying, Configuring the switch for SSH operation
- public key, saving to configuration file, Saving security credentials in a config file
- reserved IP port numbers, Configuring the switch for SSH operation
- security, Configuring the switch for SSH operation
- switch key to client, Configuring the switch for SSH operation
- unauthorized access, Enabling client public-key authentication
- version , Overview
- view open sessions, Displaying open sessions
- zeroing a key, Configuring the switch for SSH operation
- zeroize, Configuring the switch for SSH operation
- SSHv2
-
- overview, Overview
- SSL
-
- cert
-
- RSA key, Configuring the switch for SSH operation
- configuring
-
- steps, Steps for configuring and using SSL for switch and client authentication
- OpenSSL, Overview
- operating rules and notes, General operating rules and notes
- RSA key
-
- cert, Configuring the switch for SSH operation
- troubleshooting
-
- operating, Common errors in SSL setup
- version
-
- SSLv3, Overview
- TLSv1, Overview
- start range default settings
-
- port-access, Specifying the maximum number of authenticated MACs allowed on a port
- Suite B, Conformance to Suite-B Cryptography requirements
-
- minimum levels of security support, Conformance to Suite-B Cryptography requirements
- symbols in text, Typographic conventions
T
- TACACS
-
- aaa parameters, AAA authentication parameters
- authentication process, General authentication process using a TACACS+ server
- authentication request
-
- timeout, Specifying how long the switch waits for a TACACS+ server to respond to an authentication request
- authentication via Telnet, Configuring the switch TACACS+ server access
- authentication, local, Local authentication process (TACACS+)
- authorized IP managers, effect, Operating notes
- configuration
-
- on switch, Configuring TACACS+ on the switch
- server access, Configuring the switch TACACS+ server access
- configuration, authentication, Configuring the switch authentication methods
- configuration, viewing, Viewing the current TACACS+ server contact configuration
- encryption key, General authentication setup procedure, Configuring the switch TACACS+ server access
-
- configuration, Configuring an encryption key
- encryption key exclusion, Operating notes
- encryption key, general operation, Using the encryption key
- encryption key, global, Deleting a per-server encryption key
- encryption key, saving to configuration file, Saving security credentials in a config file
- IP address
-
- server, Configuring the switch TACACS+ server access
- local manager password requirement, Operating notes
- precautions
-
- TACACS testing, General system requirements
- preventing switch lockout, Configuring the switch TACACS+ server access
- privilege level code, General authentication setup procedure
- server access, Configuring the switch TACACS+ server access
- server priority, Adding, removing, or changing the priority of a TACACS+ server
- setup, general, General authentication setup procedure
- show authentication, Configuring TACACS+ on the switch
- single login, Configuring the TACACS+ server for single login
- single sign-on, Configuring the TACACS+ server for single login
- test
-
- troubleshooting, Configuring the switch TACACS+ server access
- TFTP
-
- configuration, Operating notes
- timeout, Configuring the switch TACACS+ server access
- timeout configuration, Configuring the timeout period
- troubleshooting, General authentication setup procedure
- unauthorized access, preventing
-
- manager password recommended, General authentication setup procedure
- TACACS server
-
- configuring
-
- single login, Configuring the TACACS+ server for single login
- TACACS+
-
- AAA, Overview
- general operation, Overview
- key string with tilde character, Optional, global "encryption key"
- messages, Messages related to TACACS+ operation
- security log access, Authentication and Authorization through TACACS+
- technical support
-
- HP, Contacting HP
- text symbols, Typographic conventions
- troubleshooting
-
- authorized IP managers, Operating notes
- typographic conventions, Typographic conventions
V
- VACL
-
- defined, Static ACLs
- operation defined, ACL applications
- vendor-specific attribute, CoS and rate-limiting services
-
- configuring, CoS and rate-limiting services
- configuring support for HP VSAs, Using vendor specific attributes (VSAs)
- defining, Example configuration on Cisco secure ACS for MS Windows
- viewing
-
- authentication configuration, Viewing the current authentication configuration
- VLAN
-
- Tagged egress VLAN in authentication session, Tagged and untagged VLAN attributes
- tagged egress VLAN in authentication session, Tagged and untagged VLAN attributes
- untagged VLAN in authentication session, VLAN assignment in an authentication session, Tagged and untagged VLAN attributes
W
- web and MAC
-
- authentication, Web and MAC Authentication
- Web authentication
-
- hierarchy of precedence in authentication session, Precedence of client-based authentication: Dynamic Configuration Arbiter (DCA)
- overview, Access security and switch authentication features
- web authentication
-
- authenticator operation, How web-based and MAC authentication operate
- blocked traffic, Overview
- CHAP usage, Overview
- client status, Client status
- concurrent with MAC, Concurrent web-based and MAC authentication
- LACP not allowed
-
- MAC authentication, Operating rules and notes
- rules of operation, Operating rules and notes
- web browser interface
-
- authorized IP managers
-
- configuring, Configuring IP Authorized managers for the switch (CLI)
- web server
-
- proxy, Proxy Web servers
- web-based authentication
-
- configuring, Configuring web-based authentication
- configuring commands, Configuration commands for web-based authentication
- prerequisites, Setup procedure for web-based/MAC authentication
- show commands, Show commands for web-based authentication
- WebAgent access
-
- RADIUS, Controlling WebAgent access when using TACACS+ authentication