General switch traffic security guidelines, General switch traffic security guidelines -4 – HP 2600 Series User Manual
Page 20
1-4
Getting Started
Overview of Access Security Features
Table 1-1.
Management Access Security Protection
General Switch Traffic Security Guidelines
Where the switch is running multiple security options, it implements network
traffic security based on the OSI (Open Systems Interconnection model)
precedence of the individual options, from the lowest to the highest. The
following list shows the order in which the switch implements configured
security features on traffic moving through a given port.
1.
Disabled/Enabled physical port
2.
MAC lockout (applies to all ports on the switch)
3.
MAC lockdown
4.
Port security
5.
Authorized IP Managers
6.
Application features at higher levels in the OSI model, such as SSH
(The above list does not address the mutually exclusive relationship that
exists among some security features.)
Security Feature
Offers Protection Against Unauthorized Client Access to
Switch Management Features
Offers Protection
Against
Unauthorized Client
Access to the
Network
Connection
Telnet
SNMP
(Net Mgmt)
Web
Browser
SSH
Client
Local Manager and Operator
Usernames and Passwords
1
PtP:
Yes
No
Yes
Yes
No
Remote:
Yes
No
Yes
Yes
No
TACACS+
1
PtP:
Yes
No
No
Yes
No
Remote:
Yes
No
No
Yes
No
RADIUS
1
PtP:
Yes
No
No
Yes
No
Remote:
Yes
No
No
Yes
No
SSH
Ptp:
Yes
No
No
Yes
No
Remote:
Yes
No
No
Yes
No
SSL
Ptp:
No
No
Yes
No
No
Remote:
No
No
Yes
No
No
Port-Based Access Control (802.1X)
PtP:
Yes
Yes
Yes
Yes
Yes
Remote:
No
No
No
No
No
Port Security (MAC address)
PtP:
Yes
Yes
Yes
Yes
Yes
Remote:
Yes
Yes
Yes
Yes
Yes
Authorized IP Managers
PtP:
Yes
Yes
Yes
Yes
No
Remote:
Yes
Yes
Yes
Yes
No
1
The local Manager/Operator, TACACS+, and RADIUS options (direct connect or modem access) also offer protection
for serial port access.