1-3
Getting Started
Overview of Access Security Features
■ Secure Socket Layer (SSL) (page 7-1): Provides remote web access
to the switch via encrypted authentication paths between the switch
and management station clients capable of SSL/TLS operation.
■ Port-Based Access Control (802.1X) (page 8-1): On point-to-point
connections, enables the switch to allow or deny traffic between a
port and an 802.1X-aware device (supplicant) attempting to access
the switch. Also enables the switch to operate as a supplicant for
connections to other 802.1X-aware switches.
■ Port Security (page 9-1): Enables a switch port to maintain a unique
list of MAC addresses defining which specific devices are allowed to
access the network through that port. Also enables a port to detect,
prevent, and log access attempts by unauthorized devices.
■ Traffic/Security Filters (page 10-1): Source-Port filtering enhances
in-band security by enabling outbound destination ports on the switch
to forward or drop traffic from designated source ports (within the
same VLAN).
■ Authorized IP Managers (page 11-1): Allows access to the switch
by a networked device having an IP address previously configured in
the switch as "authorized".
Management Access Security Protection
In considering management access security for your switch, there are two key
areas to protect:
■ Unauthorized client access to switch management features
■ Unauthorized client access to the network.
Table 1-1 on page 1-4 provides an overview of the type of protection offered
by each switch security feature.
Note ProCurve recommends that you use local passwords together with your
switch’s other security features to provide a more comprehensive security
fabric than if you use only local passwords.