KB.15.15

ManualsBrandsHP ManualsNetwork HardwareHP 5406R-8XGT/8SFP+ (No PSU) v2 zl2 Switch

431

432

433

434

435

436

437

438

439

440

newly authenticating client conflicts with the rate-limiting values assigned to previous clients, by

using Network Immunity you can configure the switch to apply any of the following attributes:

• Apply only the latest rate-limiting value assigned to all clients.

• Apply a client-specific rate-limiting configuration to the appropriate client session (overwrites

any rate-limit previously configured for other client sessions on the port).

For information about how to configure RADIUS-assigned and locally configured authentication

settings, see:

• RADIUS-assigned 802.1X authentication: “Port-Based and User-Based Access Control (802.1X)”

(page 455)

• RADIUS-assigned Web or MAC authentication: “Web-based and MAC authentication”

(page 72)

• RADIUS-assigned CoS, rate-limiting, and ACLS: “RADIUS server support for switch services”

(page 199)

• Statically (local) configured: “Configuring Username and Password Security” (page 20)

HP PCM+ Identity-Driven Manager (IDM)

HP PMC IDM is a plug-in to HP PCM+ and uses RADIUS-based technologies to create a user-centric

approach to network access management and network activity tracking and monitoring. IDM

enables control of access security policy from a central management server, with policy enforcement

to the network edge, and protection against both external and internal threats.

Using IDM, a system administrator can configure automatic and dynamic security to operate at

the network edge when a user connects to the network. This operation enables the network to:

• approve or deny access at the edge of the network instead of in the core;

• distinguish among different users and what each is authorized to do;

• configure guest access without compromising internal security.

Criteria for enforcing RADIUS-based security for IDM applications includes classifiers such as:

• authorized user identity

• authorized device identity (MAC address)

• software running on the device

• physical location in the network

• time of day

Responses can be configured to support the networking requirements, user (SNMP) community,

service needs, and access security level for a given client and device.

For more information on IDM, go to the HP Networking Web site at www.hp.com/solutions.

Access security features

This section provides an overview of the switch’s access security features, authentication protocols,

and methods. Table 47 (page 441) lists these features and provides summary configuration guidelines.

NOTE: Beginning with software release K.14.xx, the Management Interface wizard provides a

convenient step-by-step method to prepare the switch for secure network operation. See “Using

the Management Interface wizard” (page 436) for details.

440 Traffic/Security Features and Monitors