HP 10500 series Configuration Manual
|
HP 10500 series, 171 Setting the port security mode After enabling port security, you can change the port security mode of a port only when the port is operating in noRestrictions (the default) mode. To change the port security mode for a port in any other mode, first use the undo port-security port-mode command to restore the default port security mode. You can specify a port security mode when port security is disabled, but your configuration cannot take effect. You cannot change the port security mode of a port when online users are present. Configuration prerequisites Before you set a port security mode for a port, complete the
HP 10500 series, 86 Enabling 802.1X Follow these guidelines when you enable 802.1X: • If the PVID of a port is a voice VLAN, the 802.1X function cannot take effect on the port. For more information about voice VLANs, see Layer 2 — LAN Switching Configuration Guide. • 802.1X is mutually exclusive with link aggregation and service loopback group configuration on a port. • On an 802.1X and MAC authentication enabled port, the EAP packet from an unknown MAC address immediately triggers 802.1X authentication, and any other type of packet from an unknown MAC address immediately triggers MAC authenticat
163 authentication on the access interface, so the client can access the external network without authentication. Cross-subnet portal authentication across VPNs Network requirements As shown in Figure 72, Switch A (as the PE device connecting the user side) provides cross-subnet portal authentication for hosts in VPN 1 through communication with the RADIUS server and portal serve
HP 10500 series, 351 ARP attack protection user validity check configuration, 259 ARP restricted forwarding configuration, 262 auto-mode MFF in ring network configuration, 278 auto-mode MFF in tree network configuration, 277 enabling ARP attack protection black hole routing, 252 IPv6 ND attack defense configuration, 266 manual-mode MFF in ring network configuration, 282 manual-mode MFF in tree network configuration, 280 MFF configuration, 273, 275, 277 port security autoLearn configuration, 176 port security configuration, 166, 176 port security macAddressElseUserLoginSecure configuration, 183 port security userLogin
HP 10500 series, 127 clients and the access device in direct authentication and re-DHCP authentication, the access device can directly learn the clients' MAC addresses and can enhance the capability of controlling packet forwarding by also using the learned MAC addresses. Portal support for EAP Only Layer 3 portal authentication that uses a remote portal server supports EAP authentication. Username and password authentication is less secure than digital certificate authentication. EAP supports several digital certificate-based authentication metho
HP 10500 series, 220 Configuration procedure In the server configuration, the client public key is required. Use the client software to generate the RSA key pair on the client before configuring the Stelnet server. The device supports a variety of Stelnet client software, such as PuTTY, and OpenSSH. The following is an example of configuring Stelnet client using PuTTY Version 0.58. 1. Generate an RSA key pair on the Stelnet client: a. Run PuTTYGen.exe, select SSH-2 RSA and click Generate. Figure 82 Generating a key pair on the client When the generator is generating th
HP 10500 series, 191 Managing public keys To protect data confidentiality during transmission, the data sender uses an algorithm and a key to encrypt the plain text data before sending the data out. The receiver uses the same algorithm with the help of a key to decrypt the data, as shown in Figure 75. Figure 75 Encryption an d decryption The keys that participate in the conversion between plain text and cipher text can be the same or different, dividing the encryption and decryption algorithms into the fol
HP 10500 series, 314 [SwitchB] acl number 3101 [SwitchB-acl-adv-3101] rule 0 permit ip source 2.2.3.1 0 destination 2.2.2.1 0 [SwitchB-acl-adv-3101] rule 5 permit ip source 2.2.2.1 0 destination 2.2.3.1 0 [SwitchB-acl-adv-3101] quit # Create an IPsec proposal named tran1. [SwitchB] ipsec proposal tran1 # Specify the encapsulation mode as tunnel. [SwitchB-ipsec-proposal-tran1] encapsulation-mode tunnel # Specify the security protocol as ESP. [SwitchB-ipsec-proposal-tran1] transform esp # Specify the algorithms for the proposal. [SwitchB-ipsec-proposal-tran1
HP 10500 series, 341 portal authentication modes, 126 portal authentication process, 127 SSH MPLS L3VPN support, 202 URPF configuration, 268, 271, 272 local user (AAA), 16 local user password control parameters, 290 logging off portal users, 141 loose check (URPF), 268 MAC 802.1x port-based access control method, 80 address. SeeMACaddress authentication. SeeMACauthentication IP source guard configuration, 236, 243 IPv4 source guard configuration, 238 IPv4 source guard DHCP relay configuration, 246 IPv4
HP 10500 series, 83 Authentication status VLAN mani p ulation A user in the Auth-Fail VLAN passes 802.1X authentication Re-maps the MAC address of the user to the server-assigned VLAN. If the authentication server assigns no VLAN, re-maps the MAC address of the user to the initial PVID on the port. To perform the 802.1X Auth-Fail VLAN function on a port that performs MAC-based access control, you must ensure that the port is a hybrid port, and enable MAC-based VLAN on the port. The network device assigns a hybrid port to an 802.1X Auth-Fail VLAN as an untagged member. For more informa
HP 10500 series, ii Access control methods ········································································································································ 80 Using 802.1X authentication with other features ······························································································ 80 Configuration prerequisites ··································
178 #Jul 14 10:39:47:135 2009 Device PORTSEC/4/VIOLATION:Trap1.3.6.1.4.1.25506.2.26.1. 3.2 An intrusion occurs! IfIndex: 9437185 Port: 9437185 MAC Addr: 00:02:00:00:00:32 VLAN ID: 1 IfAdminStatus: 1 # Execute the display interface command. You can see that the port security feature has disabled the port. [Device-GigabitEthernet1/0/1] display
HP 10500 series, 116 Feature Relationshi p descri p tion Reference Port intrusion protection The MAC authentication guest VLAN function has higher priority than the block MAC action but lower priority than the shut down port action of the port intrusion protection feature. See "Configuring port security." 802.1X guest VLAN on a port that performs MAC-based access control The MAC authentication guest VLAN has a lower priority. See "Configuring 802.1X." If MAC authentication clients in your network cannot trigger an immediate DHCP-assigned IP address renewal in response to a VLA
283 4. Configure Switch B: # Enable STP. [SwitchB] stp enable # Configure manual-mode MFF. [SwitchB] vlan 100 [SwitchB-vlan-100] mac-forced-forwarding default-gateway 10.1.1.100 # Specify the IP address of the server. [SwitchB-vlan-100] mac-forced-forwarding server 10.1.1.200 # Enable ARP snooping. [SwitchB-vlan-100] arp-snooping enable [SwitchB-vlan-100] quit # Co
HP 10500 series, 313 <SwitchA> system-view [SwitchA] interface vlan-interface 1 [SwitchA-Vlan-interface1] ip address 2.2.2.1 255.255.255.0 [SwitchA-Vlan-interface1] quit # Define an ACL to identify data flows between Switch A and Switch B. [SwitchA] acl number 3101 [SwitchA-acl-adv-3101] rule 0 permit ip source 2.2.2.1 0 destination 2.2.3.1 0 [SwitchA-acl-adv-3101] rule 5 permit ip source 2.2.3.1 0 destination 2.2.2.1 0 [SwitchA-acl-adv-3101] quit # Create an IPsec proposal named tran1. [SwitchA] ipsec proposal
HP 10500 series, 115 Ste p Command Remarks 3. Set the maximum number of concurrent MAC authentication users allowed on a port. mac-authentication max-user user-number Optional. The default is 1024. NOTE: W hen both (and only both) 802.1X authentication and MAC authentication are enabled on a port, the device performs 802.1X authentication for 802.1X users that first access the network from the port. Non-802.1X packets trigger MAC authentication. Specifying a MAC authentication domain By default, MAC
HP 10500 series, 93 Enabling the periodic online user re-authentication function Periodic online user re-authentication tracks the connection status of online users and updates the authorization attributes assigned by the server, such as the ACL, VLAN, and user profile-based QoS. The re-authentication interval is user configurable. Configuration guidelines • The periodic online user re-authentication timer can also be set by the authentication server in the session-timeout attribute. The server-assigned timer ove
347 configuring IPv4 source guard DHCP relay, 246 configuring IPv4 source guard DHCP snooping, 245 configuring IPv4 source guard entry, 243 configuring IPv4 source guard static entry, 239 configuring IPv6 ND attack defense, 266 configuring IPv6 source guard, 240 configuring IPv6 source guard static entry, 241, 247 configuring ISP domain accounting method (AAA), 44 co
HP 10500 series, 210 Enabling first-time authentication Ste p Command Remarks 1. Enter system view. system-view N/A 2. Enable first-time authentication. ssh client first-time enable Optional. Enabled by default. Disabling first-time authentication Ste p Command Remarks 1. Enter system view. system-view N/A 2. Disable first-time authentication. undo ssh client first-time Enabled by default. 3. Configure the server host public key. See "Configuring a client's host publi c key" The method for configuring the server host public
HP 10500 series, 339 functions, 316 identity authentication, 315 identity protection, 315 maintaining, 323 operation, 315 PFS feature, 315 protocols and standards, 317 relationship between IKE and IPsec, 317 SA, 300 security mechanism, 315 troubleshooting, 326 troubleshooting ACL configuration error, 327 troubleshooting invalid user ID, 326 troubleshooting IPsec tunnel establish failure, 327 troubleshooting proposal mismatch, 326 IKE data authentication identity authentication, 315 identity protection,
HP 10500 series, 291 Setting super password control parameters CLI commands fall into four levels: visit, monitor, system, and manage, in ascending order. Accordingly, login users fall into four levels, each corresponding to a command level. A user of a certain level can only use the commands at that level or lower levels. To switch from a lower user level to a higher one, a user needs to enter a password for authentication. This password is called a super password. For more information on super passwords, see Fundamentals Configuration Guide. To set super password control parameters: Ste p Command Remarks 1. Enter syste
HP 10500 series, 261 [SwitchB-vlan10] interface gigabitethernet 1/0/3 [SwitchB-GigabitEthernet1/0/3] arp detection trust [SwitchB-GigabitEthernet1/0/3] quit After the configurations are completed, ARP packets received on interfaces GigabitEthernet 1/0/1 and GigabitEthernet 1/0/2 are checked against 802.1X entries. User validity check and ARP packet validity check configuration example Network requirements As shown in Figure 101, • Configure the DHCP server on Switch A. • Configure DHCP snooping on Switch
HP 10500 series, 294 User account idle-time: 30 days Login with aged password: 5 times in 60 day(s) Password complexity: Enabled (username checking) Enabled (repeated characters checking) # Display the password control configuration for super passwords. <Sysname> display password-control super Super password control configurations: Password aging: Enabled (30 days) Password length:
HP 10500 series, 338 enabling IPv6 ND attack defense source MAC packet consistency check, 267 IP source guard configuration, 236, 243 IPv4 source guard configuration, 238 IPv4 source guard DHCP relay configuration, 246 IPv4 source guard DHCP snooping configuration, 245 IPv4 source guard entry configuration, 243 IPv6 source guard binding static entry configuration, 247 IPv6 source guard configuration, 240 FIPS conditional self-test, 295 configuration, 295, 296, 297 displaying, 297 enabling, 296 known-answer test, 295 power-up self-test, 295 se
HP 10500 series, 324 [SwitchA] acl number 3101 [SwitchA-acl-adv-3101] rule 0 permit ip source 1.1.1.1 0 destination 2.2.2.2 0 [SwitchA-acl-adv-3101] rule 1 permit ip source 2.2.2.2 0 destination 1.1.1.1 0 [SwitchA-acl-adv-3101] quit # Create IPsec proposal tran1. [SwitchA] ipsec proposal tran1 # Set the packet encapsulation mode to tunnel. [SwitchA-ipsec-proposal-tran1] encapsulation-mode tunnel # Use security protocol ESP. [Switch-ipsec-proposal-tran1] transform esp # Specify encryption and authentication algorithms. [SwitchA-ipsec-proposal-tran1] esp encryption-algorithm aes 128 [SwitchA-ipsec-proposal-tran1] esp authentication-algorithm sha1 [SwitchA-ipsec-proposal-tran1] quit # C
85 ACL assignment You can specify an ACL for an 802.1X user to control its access to network resources. After the user passes 802.1X authentication, the authentication server (either the local access device or a RADIUS server) assigns the ACL to the port to filter the traffic from this user. In either case, you must configure the ACL on the access device. You
HP 10500 series, 263 Figure 102 Network diagram Configuration procedure 1. Configure VLAN 10, add ports to VLAN 10, and configure the IP address of the VLAN-interface, as shown in Figure 98. (Det ails not shown.) 2. Enable DHCP on Swtich A, and configure DHCP address pool 0. <SwitchA> system-view [SwitchA] dhcp enable [SwitchA] dhcp server ip-pool 0 [SwitchA-dhcp-pool-0] network 10.1.1.0 mask 255.255.255.0 3. Configure the DHCP client on Hosts A and B. (Details not shown.) 4. Configure Switch B:
HP 10500 series, 315 Configuring IKE Unless otherwise specified, IKE in this chapter refers to IKEv1. The IKE feature is available only when the device is operating in FIPS mode. IKE overview Built on a framework defined by the Internet Security Association and Key Management Protocol (ISAKMP), Internet Key Exchange (IKE) provides automatic key negotiation and SA establishment services for IPsec, simplifying the application, management, configuration and maintenance of IPsec dramatically. Instead of transmitting keys directly across a network, IKE peers transmit keying materials between them, and calculate shared keys respectively. Even if a third party captures all exchanged data fo
140 { Sending a log—When the status of a portal server changes, the access device sends a log message. The log message indicates the portal server name and the current state and original state of the portal server. { Disabling portal authentication (enabling portal authentication bypass)—When the device detects that a portal server is unreachable, it disables portal
HP 10500 series, 264 # Enable ARP packet validity check by checking the MAC addresses and IP addresses of ARP packets. [SwitchB] arp detection validate dst-mac ip src-mac # Configure port isolation. [SwitchB] interface gigabitethernet 1/0/1 [SwitchB-GigabitEthernet1/0/1] port-isolate enable [SwitchB-GigabitEthernet1/0/1] quit [SwitchB] interface gigabitethernet 1/0/2 [SwitchB-GigabitEthernet1/0/2] port-isolate enable [SwitchB-GigabitEthernet1/0/2] quit After the preceding configurations are complete, ARP packets received on interfaces GigabitEthernet 1/0/1 and GigabitEthernet 1/0/2 have their MAC and IP addresses checked first, and then are checked against the static IP source guar
HP StorageWorks 8B - FC Entry Switch Switch Operation & user’s manual
StorageWorks 8B - FC Entry Switch |
HP P2000 Switch Release note
P2000 |
HP Deskjet 600 Switch Hardware reference manual
Deskjet 600 |
HP 6125XLG Switch Configuration manual
6125XLG |
HP Xw460c - ProLiant - Blade Workstation Switch Installation manual
Xw460c - ProLiant - Blade Workstation |
HP AJ732A - Cisco MDS 9134 Fabric Switch Switch Configuration manual
AJ732A - Cisco MDS 9134 Fabric Switch |
HP ProCurve 1800-24G Switch Management and configuration manual
ProCurve 1800-24G |
HP 60C - Optical Disk Jukebox Switch Replacement instructions
60C - Optical Disk Jukebox |
# | Manufacturer | Model | Document Type | File | Updated | Pages | Size |
---|---|---|---|---|---|---|---|
1 | Essick | BFC2200 | Instruction manual | essick/bfc2200-RSX.pdf | 10 Aug 2022 | 4 | 0.34 Mb |
2 | Philips | HD6109 | User manual manual | philips/hd6109-382.pdf | 02 Apr 2023 | 120 | 1.82 Mb |
3 | 3M | 3MWTS100 | Installation and operating instructions manual | 3m/3mwts100-W98.pdf | 03 Nov 2023 | 32 | |
4 | Sony | LPR-1000MD | User manual manual | sony/lpr-1000md-9H7.pdf | 15 Mar 2024 | 67 | 1.63 Mb |
5 | FEBREZE | FHT170 SERIES | Use and care manual | febreze/fht170-series-664.pdf | 13 May 2023 | 17 | |
6 | Oki | OKIOFFICE 44 | Service manual | oki/okioffice-44-4GY.pdf | 21 Nov 2022 | 387 |
schmersal
AZM 161../..Operating instructionsSolenoid interlockEN11. About this document1.1 FunctionThis operating instructions manual provides all the information you need for the mounting, set-up and commissioning to ensure the safe operation and disassembly of the safety switchgear. The operating inst-ructions must be available in a legible condition and a complet …
AZM 161 Series(6 pages) |
Black Box
MAY 2000KV5002MA-R2 KV5004SA-R2KV5008SA-R2 KV5008FA-R2KV5012FA-R2 KV5016FA-R2Step-By-Step Quick Install Guide for the ServSwitch™ Ultra1. IntroductionThis guide is designed to quickly show you how to attach cables andequipment in order to install a ServSwitch Ultra system. For just the basics,look over the diagram on the next two pages. More detailed instr …
ServSwitch Ultra KV5002MA-R2(30 pages) |
NETGEAR
)NSTALLATION'UIDEProSafe 8-Port Gigabit Ethernet Switch GS108v3Estimated installation time: 5-10 minutesPackage Contents The package includes: • ProSafe 8-Port Gigabit Ethernet Switch GS108v3• AC power adapter• GS108v3 Installation Guide (this document)• Warranty/Support information cardPrepare to Install the SwitchDecide where you want to pl …
ProSafe GS108v3(2 pages) |
NETGEAR
24/7T E C H N I C A L S U P P O R T*1-888-NETGEAR (638-4327)Email: [email protected]® 8-port Gigabit Smart Switch Data SheetGS108Tv2 Power up Your Small Network with Gigabit SpeedsNETGEAR’s family of Prosafe® Gigabit Smart Switches is purposely designed for SMB customers with high performance, SMB-oriented features and easy management. With 8 10/ …
ProSafe GS108T-200(3 pages) |
Intermatic
MODEL: T2006CALENDAR DIAL TIME SWITCHFOR UP TO 42 TIMING OPERATIONS ON 7 DAY SCHEDULE SINGLE POLE DOUBLE POLESWITCH RATING: 20 AMP. 125-480 VOLTS A.C. 1/2 HP-125V 1 HP-250V.CLOCK MOTOR: 208-277V. - 60 HZ.MINIMUM ON OR OFF TIME IS 2 HOURS.EXTENDABLE IN 2 HOUR INCREMENTS;WIRING INSTRUCTIONSThis Time Switch can be wired to control two circuits as Single Pole …
T2006(1 pages) |
Tripp Lite
1. Important Safety Instructions 22. Installation 32.1 Mounting the PDU 32.2 Connecting the PDU 32.3 Networking the PDU 52.3.1 Dynamic IP Address Assignment 52.3.2 Static IP Address Assignment 52.3.3 Testing Network Connection 73. Features 84. Configuration and Operation 104.1 Automatic Transfer Switch 104.1.1 Preferred Configuration 104.1.2 Au …
PDUMH15AT(12 pages) |
Acer Projector PD525Projector #5115XI PD525, 2 |
ION Speakers Party Rocker PlusION Party Rocker Plus Speakers Quick start manual Party Rocker Plus, 7 |
Velleman Battery Charger VLE5Battery Charger #LJ3E21 VLE5, 20 |
Hyundai Car Navigation system SONATAOperation & user’s manual for Hyundai SONATA Car Navigation system SONATA, 107 |
HP Storage Surestore Disk Array 12h - And FC60#Q3GQYR Surestore Disk Array 12h - And FC60: HP Storage Owner Documentation Surestore Disk Array 12h - And FC60, 279 |
Xerox Scanner XDM5205DWU - DocuMate 520Scanner PDF Installation manual XDM5205DWU - DocuMate 520, 73 |
Smeg Microwave Oven FMI120Smeg FMI120 Microwave Oven Instruction manual FMI120, 27 |
FMI Indoor Fireplace VB36User Guide: FMI VB36 (85Y372, Upd.Fri 01.2024) VB36, 44 |
LG Microwave Oven LMV1852LG LMV1852 User Guide (Owner's manual), @ZC71P4 LMV1852, 60 |
Insignia LED TV NS-32E400NA14Insignia LED TV NS-32E400NA14 Specifications NS-32E400NA14, 2 |
Rain Bird Irrigation System 5000 PlusIrrigation System Installation instructions (Rain Bird 5000 Plus) 5000 Plus, 2 |
Amana Microwave Oven RC517RC517 Owner's manual - 8OX34D RC517, 178 |