Manualios.com

HP 10500 series Configuration Manual

HP 10500 series Manual Online:

3.95, 2968 votes
HP 10500 series User Manual
HP 10500 series User Guide
HP 10500 series Online Manual

Text of HP 10500 series User Guide:

  • HP 10500 series, 171 Setting the port security mode After enabling port security, you can change the port security mode of a port only when the port is operating in noRestrictions (the default) mode. To change the port security mode for a port in any other mode, first use the undo port-security port-mode command to restore the default port security mode. You can specify a port security mode when port security is disabled, but your configuration cannot take effect. You cannot change the port security mode of a port when online users are present. Configuration prerequisites Before you set a port security mode for a port, complete the

  • HP 10500 series, 86 Enabling 802.1X Follow these guidelines when you enable 802.1X: • If the PVID of a port is a voice VLAN, the 802.1X function cannot take effect on the port. For more information about voice VLANs, see Layer 2 — LAN Switching Configuration Guide. • 802.1X is mutually exclusive with link aggregation and service loopback group configuration on a port. • On an 802.1X and MAC authentication enabled port, the EAP packet from an unknown MAC address immediately triggers 802.1X authentication, and any other type of packet from an unknown MAC address immediately triggers MAC authenticat

  • 163 authentication on the access interface, so the client can access the external network without authentication. Cross-subnet portal authentication across VPNs Network requirements As shown in Figure 72, Switch A (as the PE device connecting the user side) provides cross-subnet portal authentication for hosts in VPN 1 through communication with the RADIUS server and portal serve

  • HP 10500 series, 351 ARP attack protection user validity check configuration, 259 ARP restricted forwarding configuration, 262 auto-mode MFF in ring network configuration, 278 auto-mode MFF in tree network configuration, 277 enabling ARP attack protection black hole routing, 252 IPv6 ND attack defense configuration, 266 manual-mode MFF in ring network configuration, 282 manual-mode MFF in tree network configuration, 280 MFF configuration, 273, 275, 277 port security autoLearn configuration, 176 port security configuration, 166, 176 port security macAddressElseUserLoginSecure configuration, 183 port security userLogin

  • HP 10500 series, 127 clients and the access device in direct authentication and re-DHCP authentication, the access device can directly learn the clients' MAC addresses and can enhance the capability of controlling packet forwarding by also using the learned MAC addresses. Portal support for EAP Only Layer 3 portal authentication that uses a remote portal server supports EAP authentication. Username and password authentication is less secure than digital certificate authentication. EAP supports several digital certificate-based authentication metho

  • HP 10500 series, 220 Configuration procedure In the server configuration, the client public key is required. Use the client software to generate the RSA key pair on the client before configuring the Stelnet server. The device supports a variety of Stelnet client software, such as PuTTY, and OpenSSH. The following is an example of configuring Stelnet client using PuTTY Version 0.58. 1. Generate an RSA key pair on the Stelnet client: a. Run PuTTYGen.exe, select SSH-2 RSA and click Generate. Figure 82 Generating a key pair on the client When the generator is generating th

  • HP 10500 series, 191 Managing public keys To protect data confidentiality during transmission, the data sender uses an algorithm and a key to encrypt the plain text data before sending the data out. The receiver uses the same algorithm with the help of a key to decrypt the data, as shown in Figure 75. Figure 75 Encryption an d decryption The keys that participate in the conversion between plain text and cipher text can be the same or different, dividing the encryption and decryption algorithms into the fol

  • HP 10500 series, 314 [SwitchB] acl number 3101 [SwitchB-acl-adv-3101] rule 0 permit ip source 2.2.3.1 0 destination 2.2.2.1 0 [SwitchB-acl-adv-3101] rule 5 permit ip source 2.2.2.1 0 destination 2.2.3.1 0 [SwitchB-acl-adv-3101] quit # Create an IPsec proposal named tran1. [SwitchB] ipsec proposal tran1 # Specify the encapsulation mode as tunnel. [SwitchB-ipsec-proposal-tran1] encapsulation-mode tunnel # Specify the security protocol as ESP. [SwitchB-ipsec-proposal-tran1] transform esp # Specify the algorithms for the proposal. [SwitchB-ipsec-proposal-tran1

  • HP 10500 series, 341 portal authentication modes, 126 portal authentication process, 127 SSH MPLS L3VPN support, 202 URPF configuration, 268, 271, 272 local user (AAA), 16 local user password control parameters, 290 logging off portal users, 141 loose check (URPF), 268 MAC 802.1x port-based access control method, 80 address. SeeMACaddress authentication. SeeMACauthentication IP source guard configuration, 236, 243 IPv4 source guard configuration, 238 IPv4 source guard DHCP relay configuration, 246 IPv4

  • HP 10500 series, 83 Authentication status VLAN mani p ulation A user in the Auth-Fail VLAN passes 802.1X authentication Re-maps the MAC address of the user to the server-assigned VLAN. If the authentication server assigns no VLAN, re-maps the MAC address of the user to the initial PVID on the port. To perform the 802.1X Auth-Fail VLAN function on a port that performs MAC-based access control, you must ensure that the port is a hybrid port, and enable MAC-based VLAN on the port. The network device assigns a hybrid port to an 802.1X Auth-Fail VLAN as an untagged member. For more informa

  • HP 10500 series, ii Access control methods ········································································································································ 80 Using 802.1X authentication with other features ······························································································ 80 Configuration prerequisites ··································

  • 178 #Jul 14 10:39:47:135 2009 Device PORTSEC/4/VIOLATION:Trap1.3.6.1.4.1.25506.2.26.1. 3.2 An intrusion occurs! IfIndex: 9437185 Port: 9437185 MAC Addr: 00:02:00:00:00:32 VLAN ID: 1 IfAdminStatus: 1 # Execute the display interface command. You can see that the port security feature has disabled the port. [Device-GigabitEthernet1/0/1] display

  • HP 10500 series, 116 Feature Relationshi p descri p tion Reference Port intrusion protection The MAC authentication guest VLAN function has higher priority than the block MAC action but lower priority than the shut down port action of the port intrusion protection feature. See "Configuring port security." 802.1X guest VLAN on a port that performs MAC-based access control The MAC authentication guest VLAN has a lower priority. See "Configuring 802.1X." If MAC authentication clients in your network cannot trigger an immediate DHCP-assigned IP address renewal in response to a VLA

  • 283 4. Configure Switch B: # Enable STP. [SwitchB] stp enable # Configure manual-mode MFF. [SwitchB] vlan 100 [SwitchB-vlan-100] mac-forced-forwarding default-gateway 10.1.1.100 # Specify the IP address of the server. [SwitchB-vlan-100] mac-forced-forwarding server 10.1.1.200 # Enable ARP snooping. [SwitchB-vlan-100] arp-snooping enable [SwitchB-vlan-100] quit # Co

  • HP 10500 series, 313 <SwitchA> system-view [SwitchA] interface vlan-interface 1 [SwitchA-Vlan-interface1] ip address 2.2.2.1 255.255.255.0 [SwitchA-Vlan-interface1] quit # Define an ACL to identify data flows between Switch A and Switch B. [SwitchA] acl number 3101 [SwitchA-acl-adv-3101] rule 0 permit ip source 2.2.2.1 0 destination 2.2.3.1 0 [SwitchA-acl-adv-3101] rule 5 permit ip source 2.2.3.1 0 destination 2.2.2.1 0 [SwitchA-acl-adv-3101] quit # Create an IPsec proposal named tran1. [SwitchA] ipsec proposal

  • HP 10500 series, 115 Ste p Command Remarks 3. Set the maximum number of concurrent MAC authentication users allowed on a port. mac-authentication max-user user-number Optional. The default is 1024. NOTE: W hen both (and only both) 802.1X authentication and MAC authentication are enabled on a port, the device performs 802.1X authentication for 802.1X users that first access the network from the port. Non-802.1X packets trigger MAC authentication. Specifying a MAC authentication domain By default, MAC

  • HP 10500 series, 93 Enabling the periodic online user re-authentication function Periodic online user re-authentication tracks the connection status of online users and updates the authorization attributes assigned by the server, such as the ACL, VLAN, and user profile-based QoS. The re-authentication interval is user configurable. Configuration guidelines • The periodic online user re-authentication timer can also be set by the authentication server in the session-timeout attribute. The server-assigned timer ove

  • 347 configuring IPv4 source guard DHCP relay, 246 configuring IPv4 source guard DHCP snooping, 245 configuring IPv4 source guard entry, 243 configuring IPv4 source guard static entry, 239 configuring IPv6 ND attack defense, 266 configuring IPv6 source guard, 240 configuring IPv6 source guard static entry, 241, 247 configuring ISP domain accounting method (AAA), 44 co

  • HP 10500 series, 210 Enabling first-time authentication Ste p Command Remarks 1. Enter system view. system-view N/A 2. Enable first-time authentication. ssh client first-time enable Optional. Enabled by default. Disabling first-time authentication Ste p Command Remarks 1. Enter system view. system-view N/A 2. Disable first-time authentication. undo ssh client first-time Enabled by default. 3. Configure the server host public key. See "Configuring a client's host publi c key" The method for configuring the server host public

  • HP 10500 series, 339 functions, 316 identity authentication, 315 identity protection, 315 maintaining, 323 operation, 315 PFS feature, 315 protocols and standards, 317 relationship between IKE and IPsec, 317 SA, 300 security mechanism, 315 troubleshooting, 326 troubleshooting ACL configuration error, 327 troubleshooting invalid user ID, 326 troubleshooting IPsec tunnel establish failure, 327 troubleshooting proposal mismatch, 326 IKE data authentication identity authentication, 315 identity protection,

  • HP 10500 series, 291 Setting super password control parameters CLI commands fall into four levels: visit, monitor, system, and manage, in ascending order. Accordingly, login users fall into four levels, each corresponding to a command level. A user of a certain level can only use the commands at that level or lower levels. To switch from a lower user level to a higher one, a user needs to enter a password for authentication. This password is called a super password. For more information on super passwords, see Fundamentals Configuration Guide. To set super password control parameters: Ste p Command Remarks 1. Enter syste

  • HP 10500 series, 261 [SwitchB-vlan10] interface gigabitethernet 1/0/3 [SwitchB-GigabitEthernet1/0/3] arp detection trust [SwitchB-GigabitEthernet1/0/3] quit After the configurations are completed, ARP packets received on interfaces GigabitEthernet 1/0/1 and GigabitEthernet 1/0/2 are checked against 802.1X entries. User validity check and ARP packet validity check configuration example Network requirements As shown in Figure 101, • Configure the DHCP server on Switch A. • Configure DHCP snooping on Switch

  • HP 10500 series, 294 User account idle-time: 30 days Login with aged password: 5 times in 60 day(s) Password complexity: Enabled (username checking) Enabled (repeated characters checking) # Display the password control configuration for super passwords. <Sysname> display password-control super Super password control configurations: Password aging: Enabled (30 days) Password length:

  • HP 10500 series, 338 enabling IPv6 ND attack defense source MAC packet consistency check, 267 IP source guard configuration, 236, 243 IPv4 source guard configuration, 238 IPv4 source guard DHCP relay configuration, 246 IPv4 source guard DHCP snooping configuration, 245 IPv4 source guard entry configuration, 243 IPv6 source guard binding static entry configuration, 247 IPv6 source guard configuration, 240 FIPS conditional self-test, 295 configuration, 295, 296, 297 displaying, 297 enabling, 296 known-answer test, 295 power-up self-test, 295 se

  • HP 10500 series, 324 [SwitchA] acl number 3101 [SwitchA-acl-adv-3101] rule 0 permit ip source 1.1.1.1 0 destination 2.2.2.2 0 [SwitchA-acl-adv-3101] rule 1 permit ip source 2.2.2.2 0 destination 1.1.1.1 0 [SwitchA-acl-adv-3101] quit # Create IPsec proposal tran1. [SwitchA] ipsec proposal tran1 # Set the packet encapsulation mode to tunnel. [SwitchA-ipsec-proposal-tran1] encapsulation-mode tunnel # Use security protocol ESP. [Switch-ipsec-proposal-tran1] transform esp # Specify encryption and authentication algorithms. [SwitchA-ipsec-proposal-tran1] esp encryption-algorithm aes 128 [SwitchA-ipsec-proposal-tran1] esp authentication-algorithm sha1 [SwitchA-ipsec-proposal-tran1] quit # C

  • 85 ACL assignment You can specify an ACL for an 802.1X user to control its access to network resources. After the user passes 802.1X authentication, the authentication server (either the local access device or a RADIUS server) assigns the ACL to the port to filter the traffic from this user. In either case, you must configure the ACL on the access device. You

  • HP 10500 series, 263 Figure 102 Network diagram Configuration procedure 1. Configure VLAN 10, add ports to VLAN 10, and configure the IP address of the VLAN-interface, as shown in Figure 98. (Det ails not shown.) 2. Enable DHCP on Swtich A, and configure DHCP address pool 0. <SwitchA> system-view [SwitchA] dhcp enable [SwitchA] dhcp server ip-pool 0 [SwitchA-dhcp-pool-0] network 10.1.1.0 mask 255.255.255.0 3. Configure the DHCP client on Hosts A and B. (Details not shown.) 4. Configure Switch B:

  • HP 10500 series, 315 Configuring IKE Unless otherwise specified, IKE in this chapter refers to IKEv1. The IKE feature is available only when the device is operating in FIPS mode. IKE overview Built on a framework defined by the Internet Security Association and Key Management Protocol (ISAKMP), Internet Key Exchange (IKE) provides automatic key negotiation and SA establishment services for IPsec, simplifying the application, management, configuration and maintenance of IPsec dramatically. Instead of transmitting keys directly across a network, IKE peers transmit keying materials between them, and calculate shared keys respectively. Even if a third party captures all exchanged data fo

  • 140 { Sending a log—When the status of a portal server changes, the access device sends a log message. The log message indicates the portal server name and the current state and original state of the portal server. { Disabling portal authentication (enabling portal authentication bypass)—When the device detects that a portal server is unreachable, it disables portal

  • HP 10500 series, 264 # Enable ARP packet validity check by checking the MAC addresses and IP addresses of ARP packets. [SwitchB] arp detection validate dst-mac ip src-mac # Configure port isolation. [SwitchB] interface gigabitethernet 1/0/1 [SwitchB-GigabitEthernet1/0/1] port-isolate enable [SwitchB-GigabitEthernet1/0/1] quit [SwitchB] interface gigabitethernet 1/0/2 [SwitchB-GigabitEthernet1/0/2] port-isolate enable [SwitchB-GigabitEthernet1/0/2] quit After the preceding configurations are complete, ARP packets received on interfaces GigabitEthernet 1/0/1 and GigabitEthernet 1/0/2 have their MAC and IP addresses checked first, and then are checked against the static IP source guar

Related Products and Documents (Switch):

Comparable Devices:

# Manufacturer Model Document Type File Updated Pages Size
1 Essick BFC2200 Instruction manual essick/bfc2200-RSX.pdf 10 Aug 2022 4 0.34 Mb
2 Philips HD6109 User manual manual philips/hd6109-382.pdf 02 Apr 2023 120 1.82 Mb
3 3M 3MWTS100 Installation and operating instructions manual 3m/3mwts100-W98.pdf 03 Nov 2023 32
4 Sony LPR-1000MD User manual manual sony/lpr-1000md-9H7.pdf 15 Mar 2024 67 1.63 Mb
5 FEBREZE FHT170 SERIES Use and care manual febreze/fht170-series-664.pdf 13 May 2023 17
6 Oki OKIOFFICE 44 Service manual oki/okioffice-44-4GY.pdf 21 Nov 2022 387

Similar Resources:

  • schmersal

    AZM 161 Series

    (6 pages)
    AZM 161../..Operating instructionsSolenoid interlockEN11. About this document1.1 FunctionThis operating instructions manual provides all the information you need for the mounting, set-up and commissioning to ensure the safe operation and disassembly of the safety switchgear. The operating inst-ructions must be available in a legible condition and a complet …
  • Black Box

    ServSwitch Ultra KV5002MA-R2

    (30 pages)
    MAY 2000KV5002MA-R2 KV5004SA-R2KV5008SA-R2 KV5008FA-R2KV5012FA-R2 KV5016FA-R2Step-By-Step Quick Install Guide for the ServSwitch™ Ultra1. IntroductionThis guide is designed to quickly show you how to attach cables andequipment in order to install a ServSwitch Ultra system. For just the basics,look over the diagram on the next two pages. More detailed instr …
  • NETGEAR

    ProSafe GS108v3

    (2 pages)
    )NSTALLATION'UIDEProSafe 8-Port Gigabit Ethernet Switch GS108v3Estimated installation time: 5-10 minutesPackage Contents The package includes: • ProSafe 8-Port Gigabit Ethernet Switch GS108v3• AC power adapter• GS108v3 Installation Guide (this document)• Warranty/Support information cardPrepare to Install the SwitchDecide where you want to pl …
  • NETGEAR

    ProSafe GS108T-200

    (3 pages)
    24/7T E C H N I C A L S U P P O R T*1-888-NETGEAR (638-4327)Email: [email protected]® 8-port Gigabit Smart Switch Data SheetGS108Tv2 Power up Your Small Network with Gigabit SpeedsNETGEAR’s family of Prosafe® Gigabit Smart Switches is purposely designed for SMB customers with high performance, SMB-oriented features and easy management. With 8 10/ …
  • Intermatic

    T2006

    (1 pages)
    MODEL: T2006CALENDAR DIAL TIME SWITCHFOR UP TO 42 TIMING OPERATIONS ON 7 DAY SCHEDULE SINGLE POLE DOUBLE POLESWITCH RATING: 20 AMP. 125-480 VOLTS A.C. 1/2 HP-125V 1 HP-250V.CLOCK MOTOR: 208-277V. - 60 HZ.MINIMUM ON OR OFF TIME IS 2 HOURS.EXTENDABLE IN 2 HOUR INCREMENTS;WIRING INSTRUCTIONSThis Time Switch can be wired to control two circuits as Single Pole …
  • Tripp Lite

    PDUMH15AT

    (12 pages)
    1. Important Safety Instructions 22. Installation 32.1 Mounting the PDU 32.2 Connecting the PDU 32.3 Networking the PDU 52.3.1 Dynamic IP Address Assignment 52.3.2 Static IP Address Assignment 52.3.3 Testing Network Connection 73. Features 84. Configuration and Operation 104.1 Automatic Transfer Switch 104.1.1 Preferred Configuration 104.1.2 Au …

Comments, Questions and Opinions: