HP PROCURVE W.14.03 Instrukcja Użytkownika Strona 182
- Strona / 594
- Spis treści
- BOOKMARKI
Oceniono. / 5. Na podstawie oceny klientów
RADIUS Authentication and Accounting
Commands Authorization
Commands Authorization
The RADIUS protocol combines user authentication and authorization steps
into one phase. The user must be successfully authenticated before the
RADIUS server will send authorization information (from the user’s profile)
to the Network Access Server (NAS). After user authentication has occurred,
the authorization information provided by the RADIUS server is stored on the
NAS for the duration of the user’s session. Changes in the user’s authorization
profile during this time will not be effective until after the next authentication
occurs.
You can limit the services for a user by enabling AAA RADIUS authorization.
The NAS uses the information set up on the RADIUS server to control the
user’s access to CLI commands.
The authorization type implemented on the switches covered in this guide is
the “commands” method. This method explicitly specifies on the RADIUS
server which commands are allowed on the client device for authenticated
users. This is done on a per-user or per-group basis.
Note The commands authorization will only be executed for commands entered
from Telnet, SSH, or console sessions. The Web management interface is not
supported.
By default, all users may execute a minimal set of commands regardless of
their authorization status, for example, “exit” and “logout”. This minimal set
of commands can prevent deadlock on the switch due to an error in the user’s
authorization profile on the RADIUS server.
5-26
- ProCurve Switches 1
- HP ProCurve 2910al Switch 3
- Hewlett-Packard Company 4
- 4 TACACS+ Authentication 8
- Configuring Port-Based and 16
- 15 Key Management System 20
- Product Documentation 21
- Software Feature Index 22
- Intelligent Edge Software 23
- Features 23
- Security Overview 27
- Introduction 28
- Access Security Features 29
- Network Security Features 33
- Physical Security 36
- Enter] 38
- SNMP Security Guidelines 42
- Network Immunity Manager 45
- Menu: Setting Passwords 54
- Security tab 57
- [Device Passwords] 57
- [Apply Changes] 57
- Config File 58
- Credentials 59
- ■ TACACS+ encryption keys 60
- SNMP Security Credentials 62
- Restrictions 69
- Front-Panel Security 71
- Front-Panel Button Functions 72
- Reset Button 73
- Password Recovery 80
- [Y] (for “Yes”) 81
- Password Recovery Process 82
- MAC Authentication 87
- Operate 89
- Web-based Authentication 90
- MAC-based Authentication 92
- Operating Rules and Notes 95
- Setup Procedure for Web/MAC 97
- RADIUS Server 100
- Web and MAC Authentication 101
- Overview 102
- Client Status 126
- TACACS+ Authentication 127
- Terminology Used in TACACS 129
- Applications: 129
- General System Requirements 131
- Before You Begin 134
- Configuration 135
- Server Contact Configuration 136
- Authentication Parameters 139
- Caution Regarding 142
- Login Primary 142
- [key < key-string >] 144
- First-Choice TACACS+ Server 147
- How Authentication Operates 150
- Local Authentication Process 151
- Using the Encryption Key 152
- Access When Using TACACS+ 153
- Authentication 153
- Messages Related to TACACS+ 154
- Operation 154
- Operating Notes 155
- Contents 157
- Accounting Services 160
- Configuration MIB 160
- Terminology 161
- You Want RADIUS To Protect 166
- Security Notes 177
- (hpSwitchAuth) is disabled 179
- Commands Authorization 182
- Enabling Authorization 183
- Additional RADIUS Attributes 190
- ■ IP address: 10.33.18.151 195
- ■ Stop-Only: 197
- Viewing RADIUS Statistics 199
- Note: The Webui 201
- RADIUS Accounting Statistics 202
- Limiting 210
- Configuring and Using 215
- Static ACLs 219
- ACL to a Switch Port 220
- The Packet-filtering Process 222
- Nas-Filter-Rule-Options 224
- FreeRADIUS Application 227
- RADIUS-Assigned ACL 229
- Configuration Notes 230
- Event Log Messages 235
- After Authenticating 236
- Monitoring Shared Resources 236
- Prerequisite for Using SSH 240
- Public Key Formats 240
- Host Public 247
- Key for the 247
- Configuring Key Lengths 248
- Bit Size 249
- Exponent <e> 249
- Modulus <n> 249
- Client Contact Behavior 251
- ■ Execute no ip ssh 252
- Enable SSH 254
- Public-Key Authentication 259
- Bit Size Exponent <e> 261
- Comment 261
- Key Index Number 263
- Logging Messages 266
- Debug Logging 266
- Prerequisite for Using SSL 271
- Security Tab 274
- Password Button 274
- Generate New Key 277
- Enter certificate Arguments 277
- Generate New Certificate 277
- [SSL] button 280
- Web browser interface 281
- Browser Contact Behavior 283
- Enable SLL 286
- Common Errors in SSL setup 287
- ACLs on the Switch 294
- Routing 307
- IPv4 Static ACL Operation 308
- Planning an ACL Application 312
- Security 313
- Matches 316
- Access Control Entry (ACE) 317
- ACL Configuration Structure 323
- Standard ACL Structure 324
- ■ A permit/deny statement 325
- ACL Configuration Factors 327
- General ACE Rules 330
- Configuring Standard ACLs 332
- 9-11 on page 9-48 340
- Configuring Extended ACLs 341
- [Shift] [?] key combination 350
- On an Interface 361
- Deleting an ACL 362
- Editing an Existing ACL 363
- Sequence Numbering in ACLs 364
- Attaching a Remark to an ACE 369
- Operating Notes for Remarks 372
- Display an ACL Summary 374
- Indicates whether the ACL 377
- The Offline Process 382
- Enable ACL “Deny” Logging 384
- ACL Logging Operation 385
- General ACL Operating Notes 387
- DHCP Snooping 391
- Enabling DHCP Snooping 392
- The DHCP Binding Database 399
- Enabling Debug Logging 400
- Operational Notes 400
- Log Messages 401
- Dynamic ARP Protection 403
- Configuring Trusted Ports 405
- Packets 408
- Examples 414
- Filter Types and Operation 419
- Source-Port Filters 420
- Example 421
- Named Source-Port Filters 422
- [ index ] 425
- Static Multicast Filters 431
- Protocol Filters 432
- * ), indicating that the 435
- Editing a Source-Port Filter 436
- Filter Indexing 438
- User Authentication Methods 444
- as defined in the 447
- 802.1X standard 447
- VLAN Membership Priority 450
- Access Control 455
- Authenticators 459
- Port-Based Authentication 461
- Wake-on-LAN Traffic 469
- 802.1X Open VLAN Mode 471
- VLAN Membership Priorities 472
- Unauthorized-Client VLANs 478
- Configure Port-Security 487
- Devices 487
- Port-Security 488
- Other Switches 489
- Statistics, and Counters 493
- ■ The switch reboots 506
- VLAN Assignment on a Port 508
- Based Authentication Session 510
- After the 802.1X session 513
- Port Security 520
- Eavesdrop Protection 521
- Trunk Group Exclusion 522
- Planning Port Security 523
- Configuring Port Security 528
- MAC Lockdown 538
- MAC Lockdown Operating Notes 541
- Deploying MAC Lockdown 542
- MAC Lockout 546
- < = 1024 16 16 547
- 1025-2048 8 8 547
- Security Features 549
- Alert Flags 549
- Note on 551
- Send-Disable 551
- Resetting Alert Flags 552
- Yes” for the port on which 553
- Using Authorized IP Managers 559
- Options 561
- Access Levels 561
- Stations 561
- Managers 563
- Web-Based Help 567
- Building IP Masks 568
- Key Management System 573
- Numerics 581
- 2 – Index 582
- Index – 3 583
- 4 – Index 584
- Index – 5 585
- 6 – Index 586
- Index – 7 587
- 8 – Index 588
- Index – 9 589
- 10 – Index 590
- Index – 11 591
- 12 – Index 592
- Development Company, L.P 594
- February 2009 594
- Manual Part Number 594
- 5992-5439 594
Powiązane produkty i podręczniki dla Oprogramowanie HP PROCURVE W.14.03
Oprogramowanie HP MT40 Podręcznik Użytkownika
(74 strony)
(74 strony)
Oprogramowanie HP 4100GL Instrukcja Użytkownika
(228 strony)
(228 strony)
Oprogramowanie HP 5300 Informacje Techniczne
(442 strony)
(442 strony)
© 2020, manymanuals.pl. Wszelkie prawa zastrzeżone. | 0.208 s |
Manymanuals.com
Manymanuals.de
Manymanuals.fr
Manymanuals.it
Manymanuals.pl
Manymanuals.cz
Manymanuals.es
Manymanuals-pt.com
Komentarze do niniejszej Instrukcji